Programming on-chip non-volatile memory in a secure processor using a sequence number
First Claim
Patent Images
1. A device comprising:
- on-chip non-volatile (NV) memory including;
a secret seed random number;
on-chip writable memory including;
a stored sequence number;
a means for receiving a request for a device certificate;
a means for initializing a state variable in the on-chip writable memory to an initial value in response to a power up event of the device;
a means for computing a key as a function of the secret seed random number and the sequence number;
a means for incrementing the sequence number;
a means for storing the incremented sequence number;
a means for generating a first random number as a function of the key and the state variable;
a means for incrementing the state variable;
a means for creating the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application;
a means for executing at least a portion of the secure application, the executing using at least a portion of the protected resources;
a means for clearing the state variable from the on-chip writable memory before a power down event of the device.
3 Assignments
0 Petitions
Accused Products
Abstract
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
223 Citations
19 Claims
-
1. A device comprising:
-
on-chip non-volatile (NV) memory including; a secret seed random number; on-chip writable memory including; a stored sequence number; a means for receiving a request for a device certificate; a means for initializing a state variable in the on-chip writable memory to an initial value in response to a power up event of the device; a means for computing a key as a function of the secret seed random number and the sequence number; a means for incrementing the sequence number; a means for storing the incremented sequence number; a means for generating a first random number as a function of the key and the state variable; a means for incrementing the state variable; a means for creating the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application; a means for executing at least a portion of the secure application, the executing using at least a portion of the protected resources; a means for clearing the state variable from the on-chip writable memory before a power down event of the device. - View Dependent Claims (2, 3, 17, 18)
-
-
4. A method comprising:
-
receiving, using a processor, a request for a device certificate; initializing, using the processor, a state variable in on-chip writable memory to an initial value in response to a power up event of a device containing the processor; computing, using the processor, a key as a function of a secret seed random number and a sequence number; incrementing, using the processor, the sequence number; generating, using the processor, a first random number as a function of the key and the state variable; incrementing, using the processor, the state variable; generating, using the processor, a second random number using the key and the incremented state variable; creating, using the processor, the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application; executing at least a portion of the secure application, the executing using at least a portion of the protected resources; clearing the state variable from the on-chip writable memory before a power down event of the device. - View Dependent Claims (5, 6, 7, 8, 9)
-
-
10. A system, comprising:
-
an on-chip non-volatile (NV) memory including a secret seed random number; an on-chip writable memory including a stored sequence number; a client-side interface associated with a registered client; a certificate generation module; wherein, in operation; the client-side interface is configured to receive a request for a device certificate and to transmit a validated device certificate; the certificate generation module is configured to; initialize a state variable in the on-chip writable memory to an initial value in response to a power up event of a device containing the certificate generation module; compute a key as a function of the secret seed random number and the sequence number; increment the sequence number; generate a first random number as a function of the key and the state variable; increment the state variable; create the validated device certificate based on the first random number and the request for the device certificate, the validated device certificate adapted to provide a security signature for accessing protected resources by a secure application, at least a portion of the secure application executed on the system, the execution using at least a portion of the protected resources; clear the state variable from the on-chip writable memory before a power down event of the device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 19)
-
Specification