Secure provisioning in an untrusted environment
First Claim
1. A method of provisioning a first electronic circuit comprising:
- storing, within the electronic circuit, a message signing private key that is inaccessible external to the first electronic circuit;
storing, within the electronic circuit one or more immutable domain parameters;
storing, within the electronic circuit, an immutable trust anchor that is derived from a code signing public key;
generating, by private key derivation logic of the first electronic circuit, the message signing private key using a combination of the trust anchor and the one or more immutable domain parameters;
storing the message signing private key in a first circuitry;
generating, by public key generation logic of the first electronic circuit, a message signing public key to match the message signing private key;
deriving a value from the code signing public key;
comparing the value derived from the code signing public key with the trust anchor stored in the first circuitry;
verifying a signature of signed provisioning code using the code signing public key, wherein the signed provisioning code includes provisioning code and the signature;
receiving a challenge message from a remote computer system, wherein the remote computer system has a message signing public key that was generated by a second electronic circuit, wherein the message signing public key was generated by the second electronic circuit using a message signing private key that was generated using the trust anchor and the one or more immutable domain parameters, which also are stored in the second electronic circuit, and wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit;
preparing, by message signing logic of the first electronic circuit, a signed response message using the message signing private key;
sending the signed response message to the remote computer system; and
receiving sensitive provisioning information from the remote computer system when the remote computer system is able to verify the signed response message using the message signing public key.
23 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.
-
Citations
14 Claims
-
1. A method of provisioning a first electronic circuit comprising:
-
storing, within the electronic circuit, a message signing private key that is inaccessible external to the first electronic circuit;
storing, within the electronic circuit one or more immutable domain parameters;storing, within the electronic circuit, an immutable trust anchor that is derived from a code signing public key; generating, by private key derivation logic of the first electronic circuit, the message signing private key using a combination of the trust anchor and the one or more immutable domain parameters; storing the message signing private key in a first circuitry; generating, by public key generation logic of the first electronic circuit, a message signing public key to match the message signing private key; deriving a value from the code signing public key; comparing the value derived from the code signing public key with the trust anchor stored in the first circuitry; verifying a signature of signed provisioning code using the code signing public key, wherein the signed provisioning code includes provisioning code and the signature; receiving a challenge message from a remote computer system, wherein the remote computer system has a message signing public key that was generated by a second electronic circuit, wherein the message signing public key was generated by the second electronic circuit using a message signing private key that was generated using the trust anchor and the one or more immutable domain parameters, which also are stored in the second electronic circuit, and wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit; preparing, by message signing logic of the first electronic circuit, a signed response message using the message signing private key; sending the signed response message to the remote computer system; and
receiving sensitive provisioning information from the remote computer system when the remote computer system is able to verify the signed response message using the message signing public key.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
Specification