Secure key access with one-time programmable memory and applications thereof
First Claim
1. A device for use in conjunction with a key ladder, the device comprises:
- a key store memory operable to store at least one cryptographic key of the key ladder;
- a rule set memory operable to store a set of rules for accessing the at least one cryptographic key in conjunction with the key ladder;
- a key store arbitration module operable to;
  - interpret a request to retrieve the at least one cryptographic key stored in the key store memory to produce an interpreted request that indicates a type of cryptographic algorithm;
  - access the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and
  - grant access to the at least one cryptographic key in accordance with the rule.
Abstract
A device includes a key store memory that stores one or more cryptographic keys. A rule set memory stores a set of rules for accessing the cryptographic keys. A key store arbitration module grants access to the cryptographic keys in accordance with the set of rules. The device can be used in conjunction with a key ladder. The device can include a one-time programmable memory and a load module that transfers the cryptographic keys from the one-time programmable memory to the key store memory and the set of rules to the rule set memory. A validation module can validate the cryptographic keys and the set of rules stored in the key store and rule set memories, based on a signature defined by a signature rule.
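A small software model of the arrangement the abstract describes, added here as an illustration and not taken from the patent: a load step copies keys and rules from a one-time programmable image, a validation step checks them against a signature and erases the rules on failure, and an arbitration step releases a key only when a rule permits the requested algorithm type. The two-byte request layout, the algorithm codes, the `(slot, algorithm)` rule form and the use of a SHA-256 digest as the signature are all assumptions made for the example.

```python
import hashlib
import hmac

ALGOS = {0x01: "AES", 0x02: "3DES"}  # hypothetical algorithm codes

def sign(keys, rules):
    """Stand-in signature (assumption): SHA-256 over key slots and rules."""
    h = hashlib.sha256()
    for slot in sorted(keys):
        h.update(bytes([slot]) + keys[slot])
    for slot, algo in sorted(rules):
        h.update(f"{slot}:{algo}".encode())
    return h.digest()

class KeyStore:
    def __init__(self, otp):
        # Load module: copy keys and rules out of the OTP image.
        self.keys = dict(otp["keys"])
        self.rules = set(otp["rules"])
        self.signature = otp["signature"]  # value defined by the signature rule

    def validate(self):
        """Validation module: erase the rule set when the check fails."""
        ok = hmac.compare_digest(sign(self.keys, self.rules), self.signature)
        if not ok:
            self.rules.clear()
        return ok

    def request(self, raw):
        """Arbitration: interpret the request, fetch the rule, grant or refuse."""
        algo = ALGOS.get(raw[0])  # interpreted request names the algorithm type
        slot = raw[1]
        if algo is None or (slot, algo) not in self.rules:
            return None  # no rule permits this use, so the key is not released
        return self.keys.get(slot)

def build_otp():
    """Constructed sample OTP image: two keys, one permitted algorithm each."""
    keys = {0: bytes(range(16)), 1: bytes(range(16, 32))}
    rules = {(0, "AES"), (1, "3DES")}
    return {"keys": keys, "rules": rules, "signature": sign(keys, rules)}
```

With the rule set erased after a failed validation, every request is refused, because access is granted only when a matching rule exists.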
19 Claims
10. A method for use in conjunction with a key ladder, the method comprises:
- storing at least one cryptographic key of the key ladder in a key store memory;
- storing a set of rules for accessing the at least one cryptographic key in conjunction with the key ladder in a rule set memory;
- interpreting a request to retrieve the at least one cryptographic key stored in the key store memory the at least one cryptographic key to produce an interpreted request that indicates a type of cryptographic algorithm;
- accessing the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and
- granting access to the at least one cryptographic key in accordance with the rule.
19. A device comprises:
- a key store memory operable to store at least one cryptographic key;
- a rule set memory operable to store a set of rules for accessing the at least one cryptographic key, wherein the set of rules includes a signature rule that defines a signature corresponding to the set of rules and the at least one cryptographic key;
- a key store arbitration module operable to grant access to the cryptographic key in accordance with the set of rules; and
- a validation module, coupled to the key store memory, that validates the at least one cryptographic key stored in the key store memory and further validates the set of rules stored in the rule set memory, based on the signature and wherein the validation module erases the set of rules when validation of the set of rules fails.
Specification