Secure loading and storing of data in a data processing device

US 8,627,086 B2
Filed: 09/07/2005
Issued: 01/07/2014
Est. Priority Date: 10/11/2004
Status: Active Grant

First Claim

Patent Images

1. A method of loading data into a data processing device, comprising the steps of:

receiving a payload data item by the data processing device;

performing a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;

storing the authenticated received payload data item in the data processing device; and

integrity protecting the stored payload data item, the integrity protecting comprisingcalculating a reference message authentication code value of a combined data item derived from at least the audit hash value and a random number or at least the audit hash value and a version control data item, whereinthe calculating uses a secret key stored in the data processing device as an input.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method of loading data into a data processing device. The method comprises receiving a payload data item by the data processing device; performing a cryptographic authentication process to ensure the authenticity of the payload data item; storing the authenticated received payload data item in the data processing device; and integrity protecting the stored payload data item. The cryptographic authentication process comprises calculating an audit hash value of at least the received data item. Integrity protecting further comprises calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.

Citations

19 Claims

1. A method of loading data into a data processing device, comprising the steps of:
- receiving a payload data item by the data processing device;
  
  performing a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;
  
  storing the authenticated received payload data item in the data processing device; and
  
  integrity protecting the stored payload data item, the integrity protecting comprisingcalculating a reference message authentication code value of a combined data item derived from at least the audit hash value and a random number or at least the audit hash value and a version control data item, whereinthe calculating uses a secret key stored in the data processing device as an input.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 19)
- - 2. The method according to claim 1, wherein the step of performing a cryptographic authentication process further comprises:
    - receiving a reference hash value; and
      
      comparing the received reference hash value with the calculated audit hash value to verify the authenticity of the received payload data item.
  - 3. The method according to claim 2, wherein the step of performing a cryptographic authentication process includes digitally signing the data item according to a public key cryptosystem.
  - 4. The method according to claim 3, further comprising the steps of:
    - receiving the payload data item, a digital signature data item and a digitally signed digital certificate data item, wherein the digital certificate data item includes a first public key and wherein the digital signature data item includes a reference hash value encrypted with a first private key corresponding to the first public key;
      
      authenticating the digitally signed digital certificate data item against a root public key stored in the data processing device;
      
      authenticating the digital signature data item against the authenticated digital certificate; and
      
      comparing the received reference hash value with the calculated audit hash value to verify the authenticity of the received payload data item.
  - 5. The method according to claim 3, further comprising the step of cryptographically authenticating the reference hash value;
    - and wherein the step of calculating the reference message authentication code value is performed only if the reference hash value is successfully authenticated.
  - 6. The method according to claim 1, wherein the step of integrity protecting further comprises storing the calculated reference message authentication code value in relation to the received payload data item.
  - 7. The method according to claim 1, further comprising the step of storing a version control data record in a version control data structure, the version control data record including information about the received payload data item including at least the version control data item.
  - 8. The method according to claim 7, wherein the stored version control data record is integrity protected.
  - 9. The method according to claim 7, wherein the version control data record comprises a version counter.
  - 10. The method according to claim 9, wherein the version control data record further comprises a back counter identifying a number of previous versions that may replace the current version of the payload data item.
  - 11. The method according to claim 1, wherein the secret key is a secret data item unique to the data processing device.
  - 12. The method according to claim 1, wherein the secret key is a secret data item known only to the data processing device.
  - 13. The method according to claim 1, wherein the step of receiving the payload data item further comprises the step of receiving a delta update of a previously received current data item, andgenerating the payload data item as an updated payload data item from the previously received current data item and the received delta update.
  - 19. The method of claim 1, wherein the secret key is a chip-unique key stored in hardware.

14. A computer program run on a data processing device, comprising:
- program code, stored on a non-transitory computer-readable storage medium, when executed by the data processing device, executes instructions adapted to cause the data processing device to receive a payload data item by the data processing device;
  
  program code, stored on the non-transitory computer-readable storage medium, when executed by the data processing device, executes instructions adapted to cause the data processing device to perform a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;
  
  program code, stored on the non-transitory computer-readable storage medium, when executed by the data processing device, executes instructions adapted to cause the data processing device to store the authenticated received payload data item in the data processing device; and
  
  program code, stored on the non-transitory computer-readable storage medium, when executed by the data processing device, executes instructions adapted to cause the data processing device to integrity protect the stored payload data item, by calculating a reference message authentication code value of a combined data item derived from at least the audit hash value and a random number or at least the audit hash value and a version data control item,wherein calculating the reference message authentication code value uses a secret key stored in the data processing device as an input.

15. A data processing device comprisinga first processing circuit adapted to:
- receive a payload data item by the data processing device;
  
  perform a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;
  
  store the authenticated received payload data item in the data processing device; and
  
  integrity protect the stored payload data item by calculating a reference message authentication code value of a combined data item derived from at least the audit hash value and a random number or at least the audit hash value and a version control data item,wherein calculating the reference message authentication code value uses a secret key stored in the data processing device as an input.
- View Dependent Claims (16, 17, 18)
- - 16. The data processing device according to claim 15, further comprising storage means adapted to store the received payload data item;
    - and a second processing circuit connected to the storage means and to the first processing circuit;
      
      wherein the second processing circuit is adapted to provide to the first processing circuit at least read access to the storage means.
  - 17. The data processing device according to claim 15, wherein the first processing circuit comprises local storage means for storing a root public key of an asymmetric cryptographic system.
  - 18. The data processing device according to claim 15, wherein the first processing circuit comprises local storage means for storing said secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NovaCloud Licensing LLC
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Gehrmann, Christian, Smeets, Bernard
Primary Examiner(s)
Mehedi, Morshed

Application Number

US11/577,084
Publication Number

US 20080133929A1
Time in Patent Office

3,044 Days
Field of Search

713/176, 713/179
US Class Current

713/176
CPC Class Codes

G06F 21/51 at application loading time...

Secure loading and storing of data in a data processing device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure loading and storing of data in a data processing device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links