
Systems and methods for secure provisioning of production electronic circuits

  • US 9,430,658 B2
  • Filed: 12/16/2014
  • Issued: 08/30/2016
  • Est. Priority Date: 12/16/2014
  • Status: Active Grant
First Claim

1. A circuit configuration and product provisioning method performed by a first entity, a second entity, and a third entity, the method comprising:

    embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes key derivation logic and secure boot code;

    generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor;

    embedding, by the second entity, the trust anchor in the first electronic circuit;

    activating, by the second entity, the secure boot code, wherein the secure boot code causes the key derivation logic of the first electronic circuit to generate a secret key using a combination of the trust anchor and the one or more embedded secret values, and stores the secret key in the first electronic circuit;

    signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a provisioning code signature;

    sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity;

    embedding, by the third entity, the trust anchor in the second electronic circuit;

    activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the key derivation logic of the second electronic circuit to generate the secret key using the combination of the trust anchor and the one or more embedded secret values, stores the secret key in the second electronic circuit, verifies the provisioning code signature of the signed provisioning code using the code signing public key, and when the provisioning code signature is verified, launches the provisioning code on the second electronic circuit;

    preparing, by the provisioning code on the second electronic circuit, a first signed message that includes a first message that has been signed using the secret key stored in the second electronic circuit, and a first message signature;

    sending, by the second electronic circuit, at least the first message signature to the second entity;

    verifying the first signed message by the second entity using the first message signature and the first electronic circuit;

    receiving, by the second electronic circuit over a channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity; and

    storing the sensitive provisioning information on the second electronic circuit.
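The key derivation and first-message verification steps of the claim can be modelled as follows. This is an added example, not code from the patent: the `Circuit` class, the use of HMAC-SHA256 for both derivation and message signing, and all sample values are assumptions, and the code-signing check on the provisioning code is left out.

```python
import hashlib
import hmac
import os


class Circuit:
    """Hypothetical model of one electronic circuit from the claim."""

    def __init__(self, embedded_secret: bytes):
        self._embedded_secret = embedded_secret  # embedded by the first entity
        self._trust_anchor = None
        self._secret_key = None

    def embed_trust_anchor(self, trust_anchor: bytes) -> None:
        self._trust_anchor = trust_anchor

    def secure_boot(self) -> None:
        # Key derivation logic: combine trust anchor and embedded secret.
        # HMAC-SHA256 is an assumption; the claim names no algorithm.
        self._secret_key = hmac.new(
            self._embedded_secret, self._trust_anchor, hashlib.sha256).digest()

    def sign(self, message: bytes) -> bytes:
        if self._secret_key is None:
            raise RuntimeError("secure boot has not derived the secret key")
        return hmac.new(self._secret_key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, signature: bytes) -> bool:
        # The key never leaves the circuit; only a yes/no answer does.
        return hmac.compare_digest(self.sign(message), signature)


def booted(embedded_secret: bytes, trust_anchor: bytes) -> Circuit:
    circuit = Circuit(embedded_secret)
    circuit.embed_trust_anchor(trust_anchor)
    circuit.secure_boot()
    return circuit


def demo():
    chip_secret = os.urandom(32)    # constructed: known only to the first entity
    trust_anchor = os.urandom(32)   # constructed: generated by the second entity
    reference = booted(chip_secret, trust_anchor)    # first circuit, second entity
    production = booted(chip_secret, trust_anchor)   # second circuit, third entity
    message = b"constructed first message"
    genuine = reference.verify(message, production.sign(message))
    # A circuit given a different trust anchor, or lacking the embedded
    # secret, derives a different key and fails the reference check.
    other_anchor = booted(chip_secret, os.urandom(32))
    other_secret = booted(os.urandom(32), trust_anchor)
    return (genuine,
            reference.verify(message, other_anchor.sign(message)),
            reference.verify(message, other_secret.sign(message)))
```

The second entity never handles the embedded secret values or the derived key directly; it can only ask its reference circuit whether a signature matches.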
