Hardware secret usage limits

US 9,292,711 B1
Filed: 01/07/2014
Issued: 03/22/2016
Est. Priority Date: 01/07/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under the control of a computing device,storing, in the computing device, one or more hardware secrets, wherein each hardware secret of the one or more hardware secrets;

has a corresponding usage limit that corresponds to a quota on a predetermined number or rate of cryptographic operations performable using the hardware secret, such that as a result of usage of the hardware secret exceeding the quota, the computing device is unable to unilaterally restore an ability to use the hardware secret; and

is securely stored by the computing device so as to be physically inaccessible and programmatically unexportable from the computing device;

receiving a request whose fulfillment involves performance of one or more cryptographic operations;

fulfilling the request by at least;

performing the one or more cryptographic operations using a first hardware secret of the one or more hardware secrets, where, as a result of the first hardware secret being associated with a first usage limit, the one or more operations are performed in accordance with the first usage limit for the first hardware secret; and

providing a result of performance of the one or more cryptographic operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hardware secret is securely maintained in a computing device. The device operates in accordance with a usage limit corresponding to a limited number of operations using the hardware secret that the device is able to perform. Once the device reaches a usage limit, the device becomes temporarily or permanently unable to perform additional operations using the hardware secret.

231 Citations

20 Claims

1. A computer-implemented method, comprising:
- under the control of a computing device,storing, in the computing device, one or more hardware secrets, wherein each hardware secret of the one or more hardware secrets;
  
  has a corresponding usage limit that corresponds to a quota on a predetermined number or rate of cryptographic operations performable using the hardware secret, such that as a result of usage of the hardware secret exceeding the quota, the computing device is unable to unilaterally restore an ability to use the hardware secret; and
  
  is securely stored by the computing device so as to be physically inaccessible and programmatically unexportable from the computing device;
  
  receiving a request whose fulfillment involves performance of one or more cryptographic operations;
  
  fulfilling the request by at least;
  
  performing the one or more cryptographic operations using a first hardware secret of the one or more hardware secrets, where, as a result of the first hardware secret being associated with a first usage limit, the one or more operations are performed in accordance with the first usage limit for the first hardware secret; and
  
  providing a result of performance of the one or more cryptographic operations.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the first usage limit controls a total number of calculations involving the first hardware secret performable by the computing device before the device is unable to perform cryptographic operations using the first hardware secret.
  - 3. The computer-implemented method of claim 2, further comprising performing one or more operations that cause the first usage limit to be increased as a result of authorization for an increase to the first usage limit from another computing device.
  - 4. The computer-implemented method of claim 1, wherein the first usage limit controls a rate at which calculations involving the first hardware secret are performable by the computing device.
  - 5. The computer-implemented method of claim 1, further comprising, as a result of reaching the at least one usage limit, performing one or more operations that cause physical destruction to the computing device thereby disenabling the computing device from performing cryptographic operations involving the hardware secret.
  - 6. The computer-implemented method of claim 1, wherein:
    - the request originates from a second computing device communicatively attached to the computing device; and
      
      providing the result of performance of the one or more cryptographic operations enables functionality of the second computing device.

7. A device, comprising:
- one or more processors; and
  
  memory;
  
  wherein the memory and one or more processors are collectively configured such that;
  
  the device stores secret information, including a hardware secret, so as to be unexportable and physically inaccessible from the device; and
  
  the one or more processors perform cryptographic operations using the secret information subject to a usage limit associated with the secret information that serves as a quota on a predetermined number of cryptographic operations performable by the one or more processors, the usage limit different from a clock rate limit for the one or more processors, such that as a result of usage of the hardware secret exceeding the quota, the device is unable to unilaterally restore an ability to use the hardware secret; and
  
  the device fulfills a received request by at least;
  
  performing a cryptographic operation using the hardware secret and in accordance with the usage limit; and
  
  providing a result of performance of the cryptographic operations.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The device of claim 7, wherein the cryptographic operations include passcode verification.
  - 9. The device of claim 7, wherein the cryptographic operations include decryption of data encrypted under the secret information.
  - 10. The device of claim 7, further comprising an interface configured to receive requests locally from another device, each request of the received requests being fulfillable by performance of at least one cryptographic operation using the secret information.
  - 11. The device of claim 7, wherein:
    - the quota is a limit for a total number of cryptographic operations using the secret information performable by the device; and
      
      the one or more processors are further configured to destroy the secret information upon reaching the total number of cryptographic operations.
  - 12. The device of claim 7, wherein:
    - the device further comprises a plurality of fuses; and
      
      the one or more processors are further configured to enforce the usage limit by burning the fuses.
  - 13. The device of claim 7, wherein:
    - the device further comprises an interface configured to enable communication with another device; and
      
      the one or more processors are configured to, as a result of receiving, a valid refresh through the interface, information indicating authorization by the other device to refresh the usage limit, enable the device to perform additional cryptographic operations beyond the usage limit.
  - 14. The device of claim 7, wherein:
    - the cryptographic operations are cryptographic verifications each having a positive or negative outcome; and
      
      the usage limit applies to both cryptographic verifications having positive outcomes and cryptographic verifications having negative outcomes.

15. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a device, cause the device to:
- detect a requirement for performance of a predetermined number of cryptographic operations using a hardware secret stored in the device so as to be unexportable and physically inaccessible from the device; and
  
  as a result of detecting the requirement, cause a component of the device having access to the hardware secret to perform the predetermined number of cryptographic operations in accordance with a usage limit applied to the hardware secret, such that as a result of usage of the hardware secret exceeding a quota, the device is unable to unilaterally restore an ability to use the hardware secret; and
  
  fulfill a received request by at least;
  
  causing the component to use the hardware secret to perform a cryptographic operation;
  
  providing a result of performance of the cryptographic operation obtained from the component.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the usage limit corresponds to a fixed number of cryptographic operations performable by the device.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, when executed by the one or more processors of the device, cause the device to receive authorization to increase the fixed number.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the usage limit limits a rate at which cryptographic operations using the hardware secret are performable by the device.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the device to detect a trigger and, as a result of detecting the trigger, request an increase to the usage limit.
  - 20. The non-transitory computer-readable storage medium of claim 19, wherein the trigger is attainment of a first usage limit different from the usage limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Rubin, Gregory Alan
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Murphy, J. Brant

Application Number

US14/149,710
Time in Patent Office

805 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/71   to assure secure computing ...

G06F 2212/1052   Security improvement

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/108   when the policy decisions a...

Hardware secret usage limits

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

231 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware secret usage limits

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

231 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links