Apparatus and method for distributing private keys to an entity with minimal secret, unique information
First Claim
Patent Images
1. A method comprising:
- programming a chip secret key into a manufactured chip;
sending the manufactured chip to a system original equipment manufacturer (OEM); and
generating at least one private key for the manufactured chip in response to a received key update request, wherein generating the at least one private key comprises;
generating cipher text including the at least one private key using an initialization vector (IV) by generating a key vector including the at least one private key; and
sending the cipher text to the system OEM including the IV used to form the cipher text; and
authenticating the received key update request, wherein authenticating the received key update request comprises;
verifying a digital signature of the system OEM included within the key update request;
decrypting the key update request to form a decrypted chip ID if the digital signature of the OEM is verified;
verifying that a chip ID of the manufactured chip matches the decrypted chip ID; and
disregarding the received key update request if the decrypted chip ID is not verified.
0 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within the chip, the chip is sent to a system original equipment manufacturer (OEM) in order to integrate the chip within a system or device. Subsequently, a private key is generated for the chip by a key distribution facility (KDF) according to a key request received from the system OEM. In one embodiment, the KDF is the chip manufacturer. Other embodiments are described and claimed.
-
Citations
20 Claims
-
1. A method comprising:
-
programming a chip secret key into a manufactured chip; sending the manufactured chip to a system original equipment manufacturer (OEM); and generating at least one private key for the manufactured chip in response to a received key update request, wherein generating the at least one private key comprises; generating cipher text including the at least one private key using an initialization vector (IV) by generating a key vector including the at least one private key; and sending the cipher text to the system OEM including the IV used to form the cipher text; and authenticating the received key update request, wherein authenticating the received key update request comprises; verifying a digital signature of the system OEM included within the key update request;
decrypting the key update request to form a decrypted chip ID if the digital signature of the OEM is verified;
verifying that a chip ID of the manufactured chip matches the decrypted chip ID; and
disregarding the received key update request if the decrypted chip ID is not verified. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An article of manufacture including a non-transitory machine readable medium having stored thereon instructions which may be used to program a system to perform a method, comprising:
-
programming a chip secret key into a manufactured chip; sending the manufactured chip to a system original equipment manufacturer (OEM); and generating at least one private key for the manufactured chip in response to a received key update request, wherein the key update request is issued by the manufactured chip in response to chip initialization, and further wherein generating the at least one private key comprises; generating cipher text including the at least one private key using an initialization vector (IV); and sending the cipher text to the system OEM including the IV used to form the cipher text; and authenticating the received key update request, wherein authenticating the received key update request comprises; verifying a digital signature of the system OEM included within the key update request;
decrypting the key update request to form a decrypted chip ID if the digital signature of the OEM is verified;
verifying that a chip ID of the manufactured chip matches the decrypted chip ID; and
disregarding the received key update request if the decrypted chip ID is not verified. - View Dependent Claims (9)
-
-
10. An article of manufacture including a non-transitory computer readable storage medium having stored thereon instructions which may be used to program a system to perform a method, comprising:
-
initializing an integrated chip to generate a key update request using a preprogrammed chip secret key stored within the integrated chip, wherein initializing the integrated chip comprises; providing random cipher text to the integrated chip; requesting the integrated chip to generate the key update request, by; decrypting, by the integrated chip, the random cipher text using the chip secret key to form a random ID, a random key and a random digital certificate; and encrypting, by the integrated chip, the random ID, the chip secret key and a pad value using a public key of the KDF to form the key update request; and attaching a digital signature of the random cipher text to the key update request; transmitting the key update request to a key distribution facility (KDF); and storing received cipher text including at least one private key from the KDF. - View Dependent Claims (11, 12)
-
-
13. A method comprising:
-
initializing an integrated chip within a system to generate a key update request using a preprogrammed chip secret key stored within the integrated chip, wherein initializing the integrated chip comprises; providing, during initial boot, random cipher text to the integrated chip; requesting the integrated chip to generate the key update request; and decrypting, by the integrated chip, the received cipher text using the chip secret key to form a chip ID and the at least one private key; and authenticating, by the integrated chip, with a content protection application to receive protected content attaching a digital signature of the random cipher text to the key update request; transmitting the key update request to a key distribution facility (KDF); and storing received cipher text including at least one private key from the KDF. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification