Systems and methods for secure provisioning of production electronic circuits

US 9,430,658 B2
Filed: 12/16/2014
Issued: 08/30/2016
Est. Priority Date: 12/16/2014
Status: Active Grant

First Claim

Patent Images

1. A circuit configuration and product provisioning method performed by a first entity, a second entity, and a third entity, the method comprising:

embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes key derivation logic and secure boot code;

generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor;

embedding, by the second entity, the trust anchor in the first electronic circuit;

activating, by the second entity, the secure boot code, wherein the secure boot code causes the key derivation logic of the first electronic circuit to generate a secret key using a combination of the trust anchor and the one or more embedded secret values, and stores the secret key in the first electronic circuit;

signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a provisioning code signature;

sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;

embedding, by the third entity, the trust anchor in the second electronic circuit;

activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the key derivation logic of the second electronic circuit to generate the secret key using the combination of the trust anchor and the one or more embedded secret values, stores the secret key in the second electronic circuit, verifies the provisioning code signature of the signed provisioning code using the code signing public key, and when the provisioning code signature is verified, launches the provisioning code on the second electronic circuit;

preparing, by the provisioning code on the second electronic circuit, a first signed message that includes a first message that has been signed using the secret key stored in the second electronic circuit, and a first message signature;

sending, by the second electronic circuit, at least the first message signature to the second entity;

verifying the first signed message by the second entity using the first message signature and the first electronic circuit;

receiving, by the second electronic circuit over a channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity; and

storing the sensitive provisioning information on the second electronic circuit.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To securely configure an electronic circuit and provision a product that includes the electronic circuit, a first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the circuit. A second entity (e.g., an OEM): 1) derives a trust anchor from a code signing public key; 2) embeds the trust anchor in a first circuit copy; 3) causes the first circuit copy to generate a secret key derived from the trust anchor and the embedded secret value(s); 4) signs provisioning code using a code signing private key; and 5) sends the code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second circuit copy and causes it to: 1) generate the secret key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code. The OEM can authenticate the second circuit copy using the first circuit copy and a challenge/response protocol.

Citations

22 Claims

1. A circuit configuration and product provisioning method performed by a first entity, a second entity, and a third entity, the method comprising:
- embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes key derivation logic and secure boot code;
  
  generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor;
  
  embedding, by the second entity, the trust anchor in the first electronic circuit;
  
  activating, by the second entity, the secure boot code, wherein the secure boot code causes the key derivation logic of the first electronic circuit to generate a secret key using a combination of the trust anchor and the one or more embedded secret values, and stores the secret key in the first electronic circuit;
  
  signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a provisioning code signature;
  
  sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;
  
  embedding, by the third entity, the trust anchor in the second electronic circuit;
  
  activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the key derivation logic of the second electronic circuit to generate the secret key using the combination of the trust anchor and the one or more embedded secret values, stores the secret key in the second electronic circuit, verifies the provisioning code signature of the signed provisioning code using the code signing public key, and when the provisioning code signature is verified, launches the provisioning code on the second electronic circuit;
  
  preparing, by the provisioning code on the second electronic circuit, a first signed message that includes a first message that has been signed using the secret key stored in the second electronic circuit, and a first message signature;
  
  sending, by the second electronic circuit, at least the first message signature to the second entity;
  
  verifying the first signed message by the second entity using the first message signature and the first electronic circuit;
  
  receiving, by the second electronic circuit over a channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity; and
  
  storing the sensitive provisioning information on the second electronic circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein verifying the first signed message by the second entity comprises:
    - preparing, by the first electronic circuit, a second signed message that includes the first message that has been signed using the secret key stored on the first electronic circuit, and a second message signature;
      
      sending, by the first electronic circuit, at least the second message signature to the second entity;
      
      performing, by the second entity, a comparison between the first message signature and the second message signature; and
      
      when the first and second message signatures match, the second entity determining that the first signed message is verified.
  - 3. The method of claim 1, wherein verifying the first signed message by the second entity comprises:
    - sending, by the second entity, at least the first message signature to the first electronic circuit;
      
      preparing, by the first electronic circuit, a second signed message that includes the first message that has been signed using the secret key, and a second message signature;
      
      performing, by the first electronic circuit, a comparison between the first message signature and the second message signature; and
      
      when the first and second message signatures match, the first electronic circuit indicating to the second entity that the first signed message is verified.
  - 4. The method of claim 1, wherein the second entity sends the first message to the first electronic circuit.
  - 5. The method of claim 1, wherein the first electronic circuit has knowledge of the first message or derives the first message.
  - 6. The method of claim 1, wherein the code signing public key is a Super Root Key (SRK), and the trust anchor is a Super Root Key Hash (SRKH).
  - 7. The method of claim 1, wherein embedding the one or more secret values in the first and second electronic circuits comprises embedding one or more secret values selected from a value embedded in logic gates, a value burned into a set of fuses, and a value embedded in masked read only memory (ROM).
  - 8. The method of claim 1, wherein embedding the trust anchor comprises burning the trust anchor into sets of fuses of the first and second electronic circuits.

9. A method performed by a first entity, the method comprising the steps of:
- generating a code signing public key and a code signing private key;
  
  generating a trust anchor based on the code signing public key;
  
  signing provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a provisioning code signature;
  
  sending the code signing public key, the trust anchor, and the signed provisioning code to a second entity;
  
  embedding the trust anchor in a first electronic circuit, wherein the first electronic circuit includes key derivation logic, secure boot code, and one or more embedded secret values;
  
  activating the secure boot code, wherein the secure boot code causes the key derivation logic to generate a secret key using a combination of the trust anchor and the one or more embedded secret values, and to store the secret key in the first electronic circuit;
  
  receiving, from a second electronic circuit that is distinct from the first electronic circuit and within which the trust anchor and the one or more embedded secret values have been embedded by the second entity, a first signed message when the second electronic circuit successfully verifies the provisioning code signature using the code signing public key, wherein the first signed message includes a first message and a first message signature, wherein the first message has been signed using a secret key stored in the second electronic circuit, and wherein the secret key stored in the second electronic circuit was generated by the second electronic circuit using a combination of the trust anchor and the one or more embedded secret values embedded in the second electronic circuit;
  
  verifying the first signed message using the first electronic circuit; and
  
  when the first signed message is verified, sending sensitive provisioning information to the second electronic circuit.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein verifying the first signed message comprises:
    - receiving, from the first electronic circuit, a second signed message that includes the first message that has been signed using the secret key stored in the first electronic circuit, and a second message signature;
      
      performing a comparison between the first message signature and the second message signature; and
      
      when the first and second message signatures match, determining that the first signed message is verified.
  - 11. The method of claim 9, wherein verifying the first signed message comprises:
    - sending at least the first message signature to the first electronic circuit; and
      
      receiving an indication from the first electronic circuit that the first signed message is verified.
  - 12. The method of claim 9, wherein the one or more secret values are selected from a value embedded in logic gates of the first electronic circuit, a value burned into a set of fuses of the first electronic circuit, and a value embedded in masked read only memory (ROM) of the first electronic circuit.
  - 13. The method of claim 9, further comprising:
    - when the first signed message is not verified, refraining from sending the sensitive provisioning information to the second electronic device.
  - 14. The method of claim 9, wherein the first signed message includes a unique identifier of the second electronic circuit, and the method further comprises:
    - determining whether the unique identifier matches any previously-stored unique identifiers in a log of electronic circuits in products that have been previously provisioned; and
      
      when the unique identifier matches a unique identifier in the log, refraining from sending the sensitive provisioning information to the second electronic circuit.
  - 15. The method of claim 9, wherein the method further comprises:
    - determining whether a maximum number of products that include electronic circuits have been previously provisioned; and
      
      when the maximum number of products have been previously provisioned, refraining from sending the sensitive provisioning information to the second electronic circuit.

16. A method performed by a first entity, a first electronic circuit associated with the first entity, and a first computer system associated with the first entity, the method comprising the steps of:
- receiving, from a second entity that has a second electronic circuit that is distinct from the first electronic circuit, a code signing public key, a trust anchor, and signed provisioning code that includes provisioning code and a signature;
  
  embedding the trust anchor in the first electronic circuit, which includes key derivation logic, secure boot code, and one or more embedded secret values; and
  
  activating the secure boot code in the first electronic circuit, wherein the secure boot code causes key derivation logic of the first electronic circuit to generate a secret key using a combination of the trust anchor and the one or more embedded secret values, stores the secret key in the first electronic circuit, verifies a provisioning code signature of the signed provisioning code using the code signing public key, and when the provisioning code signature is verified, launches the provisioning code on the first electronic circuit;
  
  preparing, by the provisioning code, a first signed message that includes a first message and a first message signature, wherein the first message was signed using the secret key stored on the first electronic circuit;
  
  sending at least the first message signature to the second electronic circuit of the second entity;
  
  receiving sensitive provisioning information from the second entity when the second entity has verified the first signed message using the second electronic circuit; and
  
  storing the sensitive provisioning information on the first electronic circuit.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the one or more secret values are selected from a value embedded in logic gates of the first electronic circuit, a value burned into a set of fuses of the first electronic circuit, and a value embedded in masked random access memory of the first electronic circuit.
  - 18. The method of claim 16, wherein embedding the trust anchor comprises burning the trust anchor into a set of fuses of the first electronic circuit.
  - 19. The method of claim 18, further comprising:
    - when the value derived from the code signing public key matches the trust anchor embedded in the first electronic circuit, and when the provisioning code signature is verified, the provisioning code receives a challenge message from the second entity, wherein the first signed message includes the challenge message that has been signed using the secret key.
  - 20. The method of claim 19, wherein preparing the signed response message comprises:
    - concatenating together the challenge message and a unique identifier of the first electronic circuit; and
      
      signing the concatenated message using the secret key to produce the first signed message.

21. An electronic circuit comprising:
- one or more embedded secret values, wherein the one or more secret values embedded in said electronic circuit comprises one or more secret values selected from a value embedded in logic gates of said electronic circuit, a value burned into a set of fuses of said electronic circuit, and a value embedded in masked read only memory (ROM) of said electronic circuit;
  
  an embedded trust anchor;
  
  key derivation logic configured by secure boot code in said electronic circuit to generate a secret key using a combination of the trust anchor and the one or more embedded secret values;
  
  message signing logic configured to prepare a first signed message that includes a first message and a first message signature, wherein the first message has been signed using the secret key; and
  
  verification logic configured to receive at least a second message signature of a second signed message generated by a second electronic circuit of an external entity which is external to said electronic circuit, to perform a comparison between the first message signature and the second message signature, and when the first and second message signatures match comparison is favorable, to indicate to the external entity that the second signed message is verified, wherein the one or more embedded secret values and the trust anchor also are embedded in the second electronic circuit, and are used by the second electronic circuit to generate the secret key and to prepare the second message signature so that the second message signature will match the first message signature.
- View Dependent Claims (22)
- - 22. The electronic circuit of claim 21, wherein:
    - the trust anchor is burned into a set of fuses of said electronic circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP USA, Inc. (NXP Semiconductors NV)
Original Assignee
Freescale Semiconductor, Inc. (NXP Semiconductors NV)
Inventors
Covey, Carlin R., Case, Lawrence L., Tkacik, Thomas E.
Primary Examiner(s)
Chai, Longbit

Application Number

US14/571,637
Publication Number

US 20160171223A1
Time in Patent Office

623 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 2221/033   Test or assess software

G06F 9/4401   Bootstrapping security arra...

H04L 63/0823   using certificates cryptogr...

H04W 12/35   Protecting application or s...

Systems and methods for secure provisioning of production electronic circuits

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure provisioning of production electronic circuits

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links