Methods, circuits, devices and systems for provisioning of cryptographic data to one or more electronic devices
First Claim
1. An electronic device comprising:
- a cryptographic material provisioning (CMP) module to perform a method comprising:
(a) receiving a CMP message which comprises a preamble and a payload;
(b) decrypting the preamble of the CMP message by using a root key of the electronic device;
(c) extracting from the decrypted preamble of the CMP message a first cryptographic key;
(d) extracting from the decrypted preamble of the CMP message a primary permissions data vector indicating at least one of:
(A) a type of keys that are authorized to be provisioned to the electronic device by a user of the preamble, and
(B) an indication of whether or not the user of the preamble is authorized to delegate key provisioning rights to other entities;
(e) decrypting at least a portion of the payload of the CMP message by using the first cryptographic key that was extracted from the preamble;
(f) extracting a functional cryptographic key from the decrypted payload of the CMP message, wherein the extracted functional cryptographic key comprises a cryptographic key associated with at least one of: an application installed on the electronic device, and a process running on the electronic device;
(g) checking key metadata, of the extracted functional cryptographic key, against one or more usage permissions indicated by the primary permissions data vector, and determining whether or not the extracted functional cryptographic key is of a type permitted for provisioning;
(h) if it is determined that the extracted functional cryptographic key is of a type permitted for provisioning by the permissions data vector, then provisioning the extracted functional cryptographic key to said electronic device, wherein the provisioning comprises at least one of:
(x) storing the extracted functional cryptographic key in the electronic device,
(y) using the extracted functional cryptographic key in the electronic device,
(z) installing the extracted functional cryptographic key in the electronic device,
wherein the CMP message comprises a multi-level delegation hierarchy for provisioning one or more cryptographic keys for use by one or more applications of the electronic device;
wherein the root key of the electronic device is used to delegate at least partial key provisioning rights to one or more other parties;
wherein at least one of said other parties is authorized, based on a respective permissions data vector, to delegate at least part of the key provisioning rights to one or more other parties,
wherein the electronic device is implemented by utilizing at least a hardware component.
Abstract
Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.
19 Claims
19. A method of cryptographic material provisioning (CMP), the method being implementable on an electronic device which comprises at least a hardware component, the method comprising:
(a) receiving a CMP message which comprises a preamble and a payload;
(b) decrypting the preamble of the CMP message by using a root key of the electronic device;
(c) extracting from the decrypted preamble of the CMP message a first cryptographic key;
(d) extracting from the decrypted preamble of the CMP message a primary permissions data vector indicating at least one of:
(A) a type of keys that are authorized to be provisioned to the electronic device by a user of the preamble, and
(B) an indication of whether or not the user of the preamble is authorized to delegate key provisioning rights to other entities;
(e) decrypting at least a portion of the payload of the CMP message by using the first cryptographic key that was extracted from the preamble;
(f) extracting a functional cryptographic key from the decrypted payload of the CMP message, wherein the extracted functional cryptographic key comprises a cryptographic key associated with at least one of: an application installed on the electronic device, and a process running on the electronic device;
(g) checking the extracted functional cryptographic key against one or more usage permissions indicated by the primary permissions data vector, and determining whether or not the extracted functional cryptographic key is of a type permitted for provisioning;
(h) if it is determined that the extracted functional cryptographic key is of a type permitted for provisioning by the permissions data vector, then provisioning the extracted functional cryptographic key to said electronic device, wherein the provisioning comprises at least one of:
(x) storing the extracted functional cryptographic key in the electronic device,
(y) using the extracted functional cryptographic key in the electronic device,
(z) installing the extracted functional cryptographic key in the electronic device;
wherein the method is implemented by an electronic device comprising at least a hardware component,
wherein the CMP message comprises a multi-level delegation hierarchy for provisioning one or more cryptographic keys for use by one or more applications of the electronic device;
wherein the root key of the electronic device is used to delegate at least partial key provisioning rights to one or more other parties;
wherein at least one of said other parties is authorized, based on a respective permissions data vector, to delegate at least part of the key provisioning rights to one or more other parties.
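The processing order of steps (a) to (h) in claims 1 and 19, with the delegation hierarchy walked level by level, as an added Python sketch that is not part of the patent or any implementation of it. Assumptions: the JSON section layout and field names (`key`, `perms`, `types`, `delegate`, `app`, `type`), the HMAC-SHA256 stand-in for the unspecified cipher, and the policy that a delegate's key types must be a subset of its delegator's.

```python
import hashlib, hmac, json, os

def _kdf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, an assumption)
    ks = b"".join(_kdf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    nonce = os.urandom(16)
    ct = _xor(_kdf(key, b"enc"), nonce, json.dumps(obj).encode())
    return nonce + ct + _kdf(_kdf(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _kdf(_kdf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered section")
    return json.loads(_xor(_kdf(key, b"enc"), nonce, ct))

def process_cmp(root_key, msg, keystore):
    # (b)-(d): the preamble opens only under the device root key
    pre = unseal(root_key, msg["preamble"])
    key, perms = bytes.fromhex(pre["key"]), pre["perms"]
    # Delegation hierarchy: each record opens under the key one level up
    for rec in msg.get("delegations", []):
        if not perms["delegate"]:
            raise PermissionError("holder may not delegate provisioning rights")
        sub = unseal(key, rec)
        # Assumed policy: a delegate's key types must be a subset of its delegator's
        if not set(sub["perms"]["types"]) <= set(perms["types"]):
            raise PermissionError("delegated rights exceed delegator's rights")
        key, perms = bytes.fromhex(sub["key"]), sub["perms"]
    # (e)-(f): the payload opens under the last key in the chain
    fk = unseal(key, msg["payload"])
    # (g): key metadata is checked against the permissions data vector
    if fk["type"] not in perms["types"]:
        raise PermissionError("key type %r not permitted" % fk["type"])
    keystore[fk["app"]] = bytes.fromhex(fk["key"])  # (h): provision by storing
    return fk["app"]

def build_msg(root_key, levels, fkey):
    # Constructed sample input: levels = [(key, perms), ...]; the first entry is the preamble
    wrap = [root_key] + [k for k, _ in levels]
    recs = [seal(w, {"key": k.hex(), "perms": p}) for w, (k, p) in zip(wrap, levels)]
    return {"preamble": recs[0], "delegations": recs[1:], "payload": seal(levels[-1][0], fkey)}
```

Because every section is authenticated under the key one level up, a party holding only a delegated key cannot rewrite the permissions vector that constrains it.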
Specification