Programming on-chip non-volatile memory in a secure processor using a sequence number

US 8,856,513 B2
Filed: 10/09/2009
Issued: 10/07/2014
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

on-chip non-volatile (NV) memory including;

a secret seed random number;

on-chip writable memory including;

a stored sequence number;

a means for receiving a request for a device certificate;

a means for initializing a state variable in the on-chip writable memory to an initial value in response to a power up event of the device;

a means for computing a key as a function of the secret seed random number and the sequence number;

a means for incrementing the sequence number;

a means for storing the incremented sequence number;

a means for generating a first random number as a function of the key and the state variable;

a means for incrementing the state variable;

a means for creating the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application;

a means for executing at least a portion of the secure application, the executing using at least a portion of the protected resources;

a means for clearing the state variable from the on-chip writable memory before a power down event of the device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

223 Citations

19 Claims

1. A device comprising:
- on-chip non-volatile (NV) memory including;
  
  a secret seed random number;
  
  on-chip writable memory including;
  
  a stored sequence number;
  
  a means for receiving a request for a device certificate;
  
  a means for initializing a state variable in the on-chip writable memory to an initial value in response to a power up event of the device;
  
  a means for computing a key as a function of the secret seed random number and the sequence number;
  
  a means for incrementing the sequence number;
  
  a means for storing the incremented sequence number;
  
  a means for generating a first random number as a function of the key and the state variable;
  
  a means for incrementing the state variable;
  
  a means for creating the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application;
  
  a means for executing at least a portion of the secure application, the executing using at least a portion of the protected resources;
  
  a means for clearing the state variable from the on-chip writable memory before a power down event of the device.
- View Dependent Claims (2, 3, 17, 18)
- - 2. The device of claim 1 further comprising a means for generating a second random number using the key and the incremented state variable.
  - 3. The device of claim 1, wherein the means for computing the key and for generating the first random number is selected from a group consisting of cryptographically strong encryption, decryption, and hash functions.
  - 17. The device of claim 1, wherein the key is one or more of a public key and a private key.
  - 18. The method of claim 1, wherein the method is executed in response to the power up event of the device.

4. A method comprising:
- receiving, using a processor, a request for a device certificate;
  
  initializing, using the processor, a state variable in on-chip writable memory to an initial value in response to a power up event of a device containing the processor;
  
  computing, using the processor, a key as a function of a secret seed random number and a sequence number;
  
  incrementing, using the processor, the sequence number;
  
  generating, using the processor, a first random number as a function of the key and the state variable;
  
  incrementing, using the processor, the state variable;
  
  generating, using the processor, a second random number using the key and the incremented state variable;
  
  creating, using the processor, the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application;
  
  executing at least a portion of the secure application, the executing using at least a portion of the protected resources;
  
  clearing the state variable from the on-chip writable memory before a power down event of the device.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method of claim 4, wherein computing the key comprises executing one or more of:
    - cryptographically strong encryption, decryption, and hash functions.
  - 6. The method of claim 4, wherein generating the first random number comprises executing one or more of:
    - cryptographically strong encryption, decryption, and hash functions.
  - 7. The method of claim 4, wherein the key is one or more of a public key and a private key.
  - 8. The method of claim 4, wherein the secret seed random number is stored on an on-chip non-volatile (NV) memory.
  - 9. The method of claim 4, wherein the sequence number is a stored sequence number included in the on-chip writable memory.

10. A system, comprising:
- an on-chip non-volatile (NV) memory including a secret seed random number;
  
  an on-chip writable memory including a stored sequence number;
  
  a client-side interface associated with a registered client;
  
  a certificate generation module;
  
  wherein, in operation;
  
  the client-side interface is configured to receive a request for a device certificate and to transmit a validated device certificate;
  
  the certificate generation module is configured to;
  
  initialize a state variable in the on-chip writable memory to an initial value in response to a power up event of a device containing the certificate generation module;
  
  compute a key as a function of the secret seed random number and the sequence number;
  
  increment the sequence number;
  
  generate a first random number as a function of the key and the state variable;
  
  increment the state variable;
  
  create the validated device certificate based on the first random number and the request for the device certificate, the validated device certificate adapted to provide a security signature for accessing protected resources by a secure application, at least a portion of the secure application executed on the system, the execution using at least a portion of the protected resources;
  
  clear the state variable from the on-chip writable memory before a power down event of the device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 19)
- - 11. The system of claim 10 wherein, in operation, the certificate generation module is configured to generate a second random number using the key and the incremented state variable.
  - 12. The system of claim 10, wherein computing the key comprises executing one or more of:
    - cryptographically strong encryption, decryption, and hash functions.
  - 13. The system of claim 10, wherein generating the first random number comprises executing one or more of:
    - cryptographically strong encryption, decryption, and hash functions.
  - 14. The system of claim 10, further comprising a server comprising:
    - a certificate database storing a registered device identity corresponding to the registered client;
      
      a certificate request module;
      
      a server interface communicatively coupled to the client-side interface;
      
      a certificate verification module;
      
      wherein, in operation;
      
      the certificate request module creates the request for the device certificate based on the registered device identity;
      
      the server interface transmits the request for the device certificate to the client-side interface and receives the validated device certificate from the client-side interface;
      
      the certificate verification module verifies the validated device certificate.
  - 15. The system of claim 14, wherein:
    - the server comprises a pseudo random number (PRN) generator configured to generate a second random number; and
      
      the certificate request module creates the request for the device certificate based on the second random number.
  - 16. The system of claim 10, wherein the key is one or more of a public key and a private key.
  - 19. The system of claim 10, wherein, in operation, the request for the device certificate occurs in response to the power up event of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Inventors
Srinivasan, Pramila, Princen, John
Primary Examiner(s)
Poltorak, Peter

Application Number

US12/576,356
Publication Number

US 20100091988A1
Time in Patent Office

1,824 Days
Field of Search

None
US Class Current

713/156
CPC Class Codes

G06F 21/33   using certificates

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

H04L 2209/603   Digital right managament [DRM]

H04L 9/0869   involving random numbers or...

H04L 9/3066   involving algebraic varieti...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Programming on-chip non-volatile memory in a secure processor using a sequence number

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

223 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Programming on-chip non-volatile memory in a secure processor using a sequence number

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

223 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links