Secure provisioning in an untrusted environment
First Claim
1. A method performed by a first entity, a second entity, and a third entity, the method comprising:
- embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes private key derivation logic, public key derivation logic, and secure boot code;
generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor derived from the code signing public key;
embedding, by the second entity, the trust anchor in the first electronic circuit;
activating, by the second entity, the secure boot code, wherein the secure boot code causes the private key derivation logic of the first electronic circuit to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit;
signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature;
sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;
embedding, by the third entity, the trust anchor in the second electronic circuit;
activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the private key derivation logic of the second electronic circuit to generate a message signing private key that is the same as the message signing private key generated by the first electronic circuit using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in the protected register of the second electronic circuit, derives a value from the code signing public key, and compares the value derived from the code signing public key with the trust anchor embedded in the second electronic circuit, verifies the signature of the signed provisioning code using the code signing public key, and when the signature of the signed provisioning code is verified, launches the provisioning code on the second electronic circuit;
receiving, by the provisioning code, a challenge message from a first computer system associated with the second entity;
preparing, by the provisioning code, a signed response message that includes the challenge message signed using the message signing private key;
sending, by the second electronic circuit, the signed response message to the first computer system;
receiving, by the second electronic circuit over a secure channel between the first computer system and the second electronic circuit, sensitive provisioning information from the first computer system; and
storing the sensitive provisioning information on the second electronic circuit.
26 Assignments
0 Petitions
Accused Products
Abstract
Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair.
32 Citations
23 Claims
-
1. A method performed by a first entity, a second entity, and a third entity, the method comprising:
-
embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes private key derivation logic, public key derivation logic, and secure boot code; generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor derived from the code signing public key; embedding, by the second entity, the trust anchor in the first electronic circuit; activating, by the second entity, the secure boot code, wherein the secure boot code causes the private key derivation logic of the first electronic circuit to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit; signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature; sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity; embedding, by the third entity, the trust anchor in the second electronic circuit; activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the private key derivation logic of the second electronic circuit to generate a message signing private key that is the same as the message signing private key generated by the first electronic circuit using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in the protected register of the second electronic circuit, derives a value from the code signing public key, and compares the value derived from the code signing public key with the trust anchor embedded in the second electronic circuit, verifies the signature of the signed provisioning code using the code signing public key, and when the signature of the signed provisioning code is verified, launches the provisioning code on the second electronic circuit; receiving, by the provisioning code, a challenge message from a first computer system associated with the second entity; preparing, by the provisioning code, a signed response message that includes the challenge message signed using the message signing private key; sending, by the second electronic circuit, the signed response message to the first computer system; receiving, by the second electronic circuit over a secure channel between the first computer system and the second electronic circuit, sensitive provisioning information from the first computer system; and storing the sensitive provisioning information on the second electronic circuit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method performed by a first entity and a first computer system associated with the first entity, the method comprising the steps of:
-
generating a code signing public key and a code signing private key; generating a trust anchor based on the code signing public key; signing provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature; embedding the trust anchor in a first electronic circuit, wherein the first electronic circuit includes private key derivation logic, public key derivation logic, secure boot code, and one or more embedded secret values; activating the secure boot code, wherein the secure boot code causes the private key derivation logic to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit; sending a challenge message to a second electronic circuit that is connected to a second computer system associated with a second entity; receiving, from a second electronic circuit, a signed response message generated by the second electronic circuit, wherein the signed response message was generated using a message signing private key that was generated using the trust anchor and the one or more embedded secret values, which also are stored in the second electronic circuit, wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit; and verifying, by the first computer system, the signed response message using a message signing public key that was derived from the message signing private key. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A method performed by a first entity and a first computer system associated with the first entity, the method comprising the steps of:
-
receiving, from a second entity, a code signing public key, a trust anchor, and signed provisioning code that includes provisioning code and a signature; embedding the trust anchor in a first electronic circuit that includes private key derivation logic, public key derivation logic, secure boot code, and one or more embedded secret values; activating the secure boot code, wherein the secure boot code causes the private key derivation logic to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in the first electronic circuit, derives a value from the code signing public key, compares the value derived from the code signing public key with the trust anchor embedded in the electronic circuit, and verifies the signature of the signed provisioning code using the code signing public key; receiving a challenge message from a second computer system associated with a second entity, wherein the second computer system has a message signing public key that was generated by a second electronic circuit, wherein the message signing public key was generated by the second electronic circuit using a message signing private key that was generated using the trust anchor and the one or more embedded secret values, which also are stored in the second electronic circuit, wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit; preparing, by the provisioning code, a signed response message that includes the challenge message signed using the message signing private key; sending the signed response message to the second computer system; and receiving, by the first electronic circuit, sensitive provisioning information from the second computer system when the second computer system is able to verify the signed response message using the message signing public key. - View Dependent Claims (20, 21, 22, 23)
-
Specification