Programming non-volatile memory in a secure processor
First Claim
Patent Images
1. A method comprising:
- providing a number to use as a small-signature private key;
computing a signature with a small-signature algorithm;
programming, by a manufacturer during the manufacturing of a device, a compressed certificate into a chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature;
enabling, in operation, a calling application to obtain a device certificate generated at the device using the device ID, the small-signature private key, the issuer ID, and the signature of the compressed certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, wherein the public key is a function of the small-signature private key, and wherein the device certificate is larger than the compressed certificate.
3 Assignments
0 Petitions
Accused Products
Abstract
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
-
Citations
9 Claims
-
1. A method comprising:
-
providing a number to use as a small-signature private key; computing a signature with a small-signature algorithm; programming, by a manufacturer during the manufacturing of a device, a compressed certificate into a chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature; enabling, in operation, a calling application to obtain a device certificate generated at the device using the device ID, the small-signature private key, the issuer ID, and the signature of the compressed certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, wherein the public key is a function of the small-signature private key, and wherein the device certificate is larger than the compressed certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification