Hardware secret usage limits
Abstract
A hardware secret is securely maintained in a computing device. The device operates in accordance with a usage limit corresponding to a limited number of operations using the hardware secret that the device is able to perform. Once the device reaches a usage limit, the device becomes temporarily or permanently unable to perform additional operations using the hardware secret.
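The behaviour the abstract describes can be modelled in software. The block below is an added illustration, not code from the patent or from any product. The HMAC-SHA256 operation, the class and function names, and the quota values are assumptions chosen for the example, and a real device would enforce the limit in hardware rather than in a Python object.

```python
import hashlib
import hmac
import os


class QuotaExceeded(Exception):
    """The usage limit forbids another operation."""


class LimitedSecretDevice:
    """Toy model of a device holding a usage-limited, unexportable secret."""

    def __init__(self, max_ops, max_per_window, window_seconds, clock):
        self.__secret = os.urandom(32)  # created inside; no export method
        self._max_ops = max_ops         # lifetime quota -> permanent lockout
        self._max_rate = max_per_window # rate quota -> temporary refusal
        self._window = window_seconds
        self._clock = clock             # injected so the demo is deterministic
        self._used = 0                  # monotonic: nothing decrements it
        self._recent = []               # timestamps inside the rate window

    def mac(self, message: bytes) -> bytes:
        now = self._clock()
        if self._used >= self._max_ops:
            raise QuotaExceeded("lifetime quota exhausted: secret unusable")
        self._recent = [t for t in self._recent if now - t < self._window]
        if len(self._recent) >= self._max_rate:
            raise QuotaExceeded("rate quota reached: retry after the window")
        # Charge the quota before touching the secret, so an interrupted
        # operation costs a use instead of granting a free one.
        self._used += 1
        self._recent.append(now)
        return hmac.new(self.__secret, message, hashlib.sha256).digest()


def demo():
    """Constructed scenario: returns the outcome of five requests."""
    t = [0.0]
    dev = LimitedSecretDevice(3, 2, 10.0, clock=lambda: t[0])
    outcomes = []
    for advance in (0.0, 1.0, 1.0, 10.0, 10.0):
        t[0] += advance
        try:
            dev.mac(b"challenge")
            outcomes.append("ok")
        except QuotaExceeded as exc:
            outcomes.append(str(exc).split(":")[0])
    return outcomes
```

The rate refusal clears once the window has passed, while the lifetime refusal does not: the object exposes no method that lowers the counter, which mirrors the device being unable to restore use of the secret on its own.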
20 Claims
1. A computer-implemented method, comprising:
- under the control of a computing device, storing, in the computing device, one or more hardware secrets, wherein each hardware secret of the one or more hardware secrets:
  - has a corresponding usage limit that corresponds to a quota on a predetermined number or rate of cryptographic operations performable using the hardware secret, such that as a result of usage of the hardware secret exceeding the quota, the computing device is unable to unilaterally restore an ability to use the hardware secret; and
  - is securely stored by the computing device so as to be physically inaccessible and programmatically unexportable from the computing device;
- receiving a request whose fulfillment involves performance of one or more cryptographic operations;
- fulfilling the request by at least:
  - performing the one or more cryptographic operations using a first hardware secret of the one or more hardware secrets, where, as a result of the first hardware secret being associated with a first usage limit, the one or more operations are performed in accordance with the first usage limit for the first hardware secret; and
  - providing a result of performance of the one or more cryptographic operations.

Dependent claims: 2, 3, 4, 5, 6
7. A device, comprising:
- one or more processors; and
- memory;
- wherein the memory and one or more processors are collectively configured such that:
  - the device stores secret information, including a hardware secret, so as to be unexportable and physically inaccessible from the device; and
  - the one or more processors perform cryptographic operations using the secret information subject to a usage limit associated with the secret information that serves as a quota on a predetermined number of cryptographic operations performable by the one or more processors, the usage limit different from a clock rate limit for the one or more processors, such that as a result of usage of the hardware secret exceeding the quota, the device is unable to unilaterally restore an ability to use the hardware secret; and
  - the device fulfills a received request by at least:
    - performing a cryptographic operation using the hardware secret and in accordance with the usage limit; and
    - providing a result of performance of the cryptographic operations.

Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a device, cause the device to:
- detect a requirement for performance of a predetermined number of cryptographic operations using a hardware secret stored in the device so as to be unexportable and physically inaccessible from the device; and
- as a result of detecting the requirement, cause a component of the device having access to the hardware secret to perform the predetermined number of cryptographic operations in accordance with a usage limit applied to the hardware secret, such that as a result of usage of the hardware secret exceeding a quota, the device is unable to unilaterally restore an ability to use the hardware secret; and
- fulfill a received request by at least:
  - causing the component to use the hardware secret to perform a cryptographic operation;
  - providing a result of performance of the cryptographic operation obtained from the component.

Dependent claims: 16, 17, 18, 19, 20
Specification