Secure provisioning in an untrusted environment

US 9,100,189 B2
Filed: 08/21/2013
Issued: 08/04/2015
Est. Priority Date: 08/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method performed by a first entity, a second entity, and a third entity, the method comprising:

embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes private key derivation logic, public key derivation logic, and secure boot code;

generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor derived from the code signing public key;

embedding, by the second entity, the trust anchor in the first electronic circuit;

activating, by the second entity, the secure boot code, wherein the secure boot code causes the private key derivation logic of the first electronic circuit to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit;

signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature;

sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;

embedding, by the third entity, the trust anchor in the second electronic circuit;

activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the private key derivation logic of the second electronic circuit to generate a message signing private key that is the same as the message signing private key generated by the first electronic circuit using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in a protected register of the second electronic circuit, derives a value from the code signing public key, and compares the value derived from the code signing public key with the trust anchor embedded in the second electronic circuit, verifies the signature of the signed provisioning code using the code signing public key, and when the signature of the signed provisioning code is verified, launches the provisioning code on the second electronic circuit;

receiving, by the provisioning code, a challenge message from the second entity;

preparing, by the provisioning code, a signed response message that includes a concatenated message signed using the message signing private key, wherein the concatenated message includes the challenge message concatenated with a unique identifier of the second electronic circuit;

sending, by the provisioning code, the signed response message to the second entity;

determining, by the second entity, whether the unique identifier matches any previously-stored unique identifiers maintained by a first computer system in a log of electronic circuits that have been previously provisioned;

when the unique identifier does not match a unique identifier in the log, receiving, by the second electronic circuit over a secure channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity;

when the unique identifier matches a unique identifier in the log, the second entity refraining from providing the sensitive provisioning information to the second electronic circuit; and

when the sensitive provisioning information is received, storing the sensitive provisioning information on the second electronic circuit.

View all claims

27 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity embeds one or more secret values into copies of the circuit. A second entity: 1) embeds a trust anchor in a first copy of the circuit; 2) causes the circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity. The third entity embeds the trust anchor in a second copy of the circuit and causes the circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the circuit.

32 Citations

View as Search Results

20 Claims

1. A method performed by a first entity, a second entity, and a third entity, the method comprising:
- embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes private key derivation logic, public key derivation logic, and secure boot code;
  
  generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor derived from the code signing public key;
  
  embedding, by the second entity, the trust anchor in the first electronic circuit;
  
  activating, by the second entity, the secure boot code, wherein the secure boot code causes the private key derivation logic of the first electronic circuit to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit;
  
  signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature;
  
  sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;
  
  embedding, by the third entity, the trust anchor in the second electronic circuit;
  
  activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the private key derivation logic of the second electronic circuit to generate a message signing private key that is the same as the message signing private key generated by the first electronic circuit using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in a protected register of the second electronic circuit, derives a value from the code signing public key, and compares the value derived from the code signing public key with the trust anchor embedded in the second electronic circuit, verifies the signature of the signed provisioning code using the code signing public key, and when the signature of the signed provisioning code is verified, launches the provisioning code on the second electronic circuit;
  
  receiving, by the provisioning code, a challenge message from the second entity;
  
  preparing, by the provisioning code, a signed response message that includes a concatenated message signed using the message signing private key, wherein the concatenated message includes the challenge message concatenated with a unique identifier of the second electronic circuit;
  
  sending, by the provisioning code, the signed response message to the second entity;
  
  determining, by the second entity, whether the unique identifier matches any previously-stored unique identifiers maintained by a first computer system in a log of electronic circuits that have been previously provisioned;
  
  when the unique identifier does not match a unique identifier in the log, receiving, by the second electronic circuit over a secure channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity;
  
  when the unique identifier matches a unique identifier in the log, the second entity refraining from providing the sensitive provisioning information to the second electronic circuit; and
  
  when the sensitive provisioning information is received, storing the sensitive provisioning information on the second electronic circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein embedding the one or more secret values in the first electronic circuit comprises embedding one or more secret values selected from a value embedded in logic gates of the first electronic circuit, a value burned into a set of fuses of the first electronic circuit, and a value embedded in masked read only memory (ROM) of the first electronic circuit.
  - 3. The method of claim 1, further comprising:
    - embedding, by the first entity, the secure boot code in the first and second electronic circuits; and
      
      storing, by the first entity, unique identifiers in the first and second electronic circuits.
  - 4. The method of claim 1, further comprising:
    - providing, by the first entity, the first electronic circuit to the second entity; and
      
      providing, by the first entity, the second electronic circuit to the third entity.
  - 5. The method of claim 1, wherein generating the trust anchor comprises generating a hash of the code signing public key.
  - 6. The method of claim 1, wherein embedding the trust anchor comprises burning the trust anchor into a set of fuses of the first electronic circuit.
  - 7. The method of claim 1, wherein storing the message signing private key comprises storing the message signing private key in protected registers of the first and second electronic circuits.
  - 8. The method of claim 1, wherein code running on the first electronic circuit provides the message signing public key to the second entity.

9. A method performed by a first entity, a second entity, and a third entity, the method comprising:
- embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes private key derivation logic, public key derivation logic, and secure boot code;
  
  generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor derived from the code signing public key;
  
  embedding, by the second entity, the trust anchor in the first electronic circuit;
  
  activating, by the second entity, the secure boot code, wherein the secure boot code causes the private key derivation logic of the first electronic circuit to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit;
  
  signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature;
  
  sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;
  
  embedding, by the third entity, the trust anchor in the second electronic circuit;
  
  activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the private key derivation logic of the second electronic circuit to generate a message signing private key that is the same as the message signing private key generated by the first electronic circuit using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in a protected register of the second electronic circuit, derives a value from the code signing public key, and compares the value derived from the code signing public key with the trust anchor embedded in the second electronic circuit, verifies the signature of the signed provisioning code using the code signing public key, and when the signature of the signed provisioning code is verified, launches the provisioning code on the second electronic circuit;
  
  receiving, by the provisioning code, a challenge message from the second entity;
  
  preparing, by the provisioning code, a signed response message that includes the challenge message signed using the message signing private key;
  
  sending, by the provisioning code, the signed response message to the second entity;
  
  determining, by the second entity, whether a maximum number of electronic circuits have been previously provisioned;
  
  when the maximum number of electronic circuits have been previously provisioned, the second entity refraining from providing the sensitive provisioning information to the second electronic circuit;
  
  when the maximum number of electronic circuits have not been previously provisioned, receiving, by the second electronic circuit over a secure channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity; and
  
  when the sensitive provisioning information is received, storing the sensitive provisioning information on the second electronic circuit.

10. A method performed by a first entity and a first computer system associated with the first entity, the method comprising the steps of:
- generating a code signing public key and a code signing private key;
  
  generating a trust anchor based on the code signing public key;
  
  signing provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature;
  
  embedding the trust anchor in a first electronic circuit, wherein the first electronic circuit includes private key derivation logic, public key derivation logic, secure boot code, and one or more embedded secret values;
  
  activating the secure boot code, wherein the secure boot code causes the private key derivation logic to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit;
  
  sending a challenge message to a second electronic circuit that is connected to a second computer system associated with a second entity;
  
  receiving, from a second electronic circuit, a signed response message generated by the second electronic circuit, wherein the signed response message includes a concatenated message signed using a message signing private key that was generated using the trust anchor and the one or more embedded secret values, which also are stored in the second electronic circuit, wherein the concatenated message includes the challenge message concatenated with a unique identifier of the second electronic circuit, and wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit;
  
  verifying, by the first computer system, the signed response message using a message signing public key that was derived from the message signing private key;
  
  determining, by the first computer system, whether the unique identifier matches any previously-stored unique identifiers maintained by the first computer system in a log of electronic circuits that have been previously provisioned; and
  
  when the unique identifier matches a unique identifier in the log, the first computer system refraining from downloading sensitive provisioning information to the second electronic circuit.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the one or more secret values are selected from a value embedded in logic gates of the first electronic circuit, a value burned into a set of fuses of the first electronic circuit, and a value embedded in masked read only memory (ROM) of the first electronic circuit.
  - 12. The method of claim 10, wherein generating the trust anchor comprises generating a hash of the code signing public key.
  - 13. The method of claim 10, wherein embedding the trust anchor comprises burning the trust anchor into a set of fuses of the first electronic circuit.
  - 14. The method of claim 10, further comprising:
    - providing, by the first electronic circuit, the message signing public key to the first computer system;
      
      sending, by the first entity, the code signing public key, the trust anchor, and the signed provisioning code to a second entity;
      
      when the signed response message is verified, the first computer system downloading the sensitive provisioning information to the second electronic device over a secure channel between the first computer system and the second computer system; and
      
      when the signed response message is not verified, the first computer system refraining from downloading the sensitive provisioning information to the second electronic device.

15. A method performed by a first entity and a first computer system associated with the first entity, the method comprising the steps of:
- generating a code signing public key and a code signing private key;
  
  generating a trust anchor based on the code signing public key;
  
  signing provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a signature;
  
  embedding the trust anchor in a first electronic circuit, wherein the first electronic circuit includes private key derivation logic, public key derivation logic, secure boot code, and one or more embedded secret values;
  
  activating the secure boot code, wherein the secure boot code causes the private key derivation logic to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, causes the public key derivation logic of the first electronic circuit to generate a message signing public key that corresponds to the message signing private key, and stores the message signing private key in the first electronic circuit;
  
  sending a challenge message to a second electronic circuit that is connected to a second computer system associated with a second entity;
  
  receiving, from a second electronic circuit, a signed response message generated by the second electronic circuit, wherein the signed response message was generated using a message signing private key that was generated using the trust anchor and the one or more embedded secret values, which also are stored in the second electronic circuit, wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit;
  
  verifying, by the first computer system, the signed response message using a message signing public key that was derived from the message signing private key;
  
  determining, by the first computer system, whether a maximum number of electronic circuits have been previously provisioned; and
  
  when the maximum number of electronic circuits have been previously provisioned, the first computer system refraining from downloading sensitive provisioning information to the second electronic circuit.

16. A method performed by a first entity and a first computer system associated with the first entity, the method comprising the steps of:
- receiving, from a second entity, a code signing public key, a trust anchor derived from the code signing public key, and signed provisioning code that includes provisioning code and a signature;
  
  embedding the trust anchor in a first electronic circuit that includes private key derivation logic, public key derivation logic, secure boot code, and one or more embedded secret values;
  
  activating the secure boot code, wherein the secure boot code causes the private key derivation logic to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in the first electronic circuit, derives a value from the code signing public key, compares the value derived from the code signing public key with the trust anchor embedded in the electronic circuit, and verifies the signature of the signed provisioning code using the code signing public key;
  
  receiving a challenge message from a second computer system associated with a second entity, wherein the second computer system has a message signing public key that was generated by a second electronic circuit, wherein the message signing public key was generated by the second electronic circuit using a message signing private key that was generated using the trust anchor and the one or more embedded secret values, which also are stored in the second electronic circuit, wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit;
  
  preparing, by the provisioning code, a signed response message that includes a concatenated message signed using the message signing private key, wherein the concatenated message includes the challenge message concatenated with a unique identifier of the first electronic circuit;
  
  sending the signed response message to the second computer system;
  
  receiving, by the first electronic circuit, sensitive provisioning information from the second computer system when the second computer system is able to verify the signed response message using the message signing public key, and the second computer system is able to determine that the unique identifier does not match any previously-stored unique identifiers maintained by a second computer system in a log of electronic circuits that have been previously provisioned; and
  
  storing the sensitive provisioning information on the first electronic circuit.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the one or more secret values are selected from a value embedded in logic gates of the first electronic circuit, a value burned into a set of fuses of the first electronic circuit, and a value embedded in masked random access memory of the first electronic circuit.
  - 18. The method of claim 16, wherein embedding the trust anchor comprises burning the trust anchor into a set of fuses of the first electronic circuit.
  - 19. The method of claim 16, further comprising:
    - storing the sensitive provisioning information on the first electronic circuit.

20. A method performed by a first entity and a first computer system associated with the first entity, the method comprising the steps of:
- receiving, from a second entity, a code signing public key, a trust anchor derived from the code signing public key, and signed provisioning code that includes provisioning code and a signature;
  
  embedding the trust anchor in a first electronic circuit that includes private key derivation logic, public key derivation logic, secure boot code, and one or more embedded secret values;
  
  activating the secure boot code, wherein the secure boot code causes the private key derivation logic to generate a message signing private key using a combination of the trust anchor and the one or more embedded secret values, stores the message signing private key in the first electronic circuit, derives a value from the code signing public key, compares the value derived from the code signing public key with the trust anchor embedded in the electronic circuit, and verifies the signature of the signed provisioning code using the code signing public key;
  
  receiving a challenge message from a second computer system associated with a second entity, wherein the second computer system has a message signing public key that was generated by a second electronic circuit, wherein the message signing public key was generated by the second electronic circuit using a message signing private key that was generated using the trust anchor and the one or more embedded secret values, which also are stored in the second electronic circuit, wherein the message signing private key used by the second electronic circuit is the same as the message signing private key generated by the first electronic circuit;
  
  preparing, by the provisioning code, a signed response message that includes the challenge message signed using the message signing private key;
  
  sending the signed response message to the second computer system;
  
  receiving, by the first electronic circuit, sensitive provisioning information from the second computer system when the second computer system is able to verify the signed response message using the message signing public key, and the second computer system is able to determine that a maximum number of electronic circuits have not been previously provisioned; and
  
  storing the sensitive provisioning information on the first electronic circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP USA, Inc. (NXP Semiconductors NV)
Original Assignee
Freescale Semiconductor, Inc. (NXP Semiconductors NV)
Inventors
Hartley, David H., Tkacik, Thomas E., Covey, Carlin R., Case, Lawrence L., Ziolkowski, Rodney D.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Branske, Hilary

Application Number

US13/971,886
Publication Number

US 20140164779A1
Time in Patent Office

713 Days
Field of Search

713155-157, 713/164, 713/168, 713172-173, 713/176, 713/180, 713/187, 713/191, 713193-194
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 2209/12   Details relating to cryptog...

H04L 63/12   Applying verification of th...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Secure provisioning in an untrusted environment

First Claim

27 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure provisioning in an untrusted environment

First Claim

27 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links