Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure

US 9,584,509 B2
Filed: 11/06/2014
Issued: 02/28/2017
Est. Priority Date: 05/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by an Appliance device of a cryptographic manager (CM) system, a Module over a network from a Service device of the CM system, the Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device;

receiving, by the Appliance device, a ticket over the network from the Service device, wherein the ticket is digital data that grants permission to the Appliance device to execute the Module;

verifying, by the Appliance device, the ticket; and

executing, by the Appliance device, the Module when the ticket is verified, wherein executing the Module results in a secure construction of a sequence of operations to securely provision the data asset to the target device, wherein the Appliance device comprises a hardware security module (HSM);

maintaining, by the HSM, a list of current tickets for each of ticket names known to the Appliance device;

maintaining, by the HSM, a counter that is used to prevent replay attacks; and

receiving, by the Appliance device, a ticket-related message to grant a new ticket to the HSM.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

20 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by an Appliance device of a cryptographic manager (CM) system, a Module over a network from a Service device of the CM system, the Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device;
  
  receiving, by the Appliance device, a ticket over the network from the Service device, wherein the ticket is digital data that grants permission to the Appliance device to execute the Module;
  
  verifying, by the Appliance device, the ticket; and
  
  executing, by the Appliance device, the Module when the ticket is verified, wherein executing the Module results in a secure construction of a sequence of operations to securely provision the data asset to the target device, wherein the Appliance device comprises a hardware security module (HSM);
  
  maintaining, by the HSM, a list of current tickets for each of ticket names known to the Appliance device;
  
  maintaining, by the HSM, a counter that is used to prevent replay attacks; and
  
  receiving, by the Appliance device, a ticket-related message to grant a new ticket to the HSM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the ticket is a signed ticket authorization that permits the Appliance device to execute the Module a single time to prevent duplication of the data asset and prevent duplicate consumption of the data asset, wherein the method further comprises preventing duplication of the data asset and duplicate consumption of the data asset after the executing the Module using the signed ticket authorization.
  - 3. The method of claim 1, further comprising creating, by the Appliance device, an audit log of the executing the Module using the ticket.
  - 4. The method of claim 1, wherein the ticket comprises a pair of N-bit strings, a ticket name representing a ticket type associated with a type of data asset, and a ticket identifier (ID) that identifies a particular data asset record.
  - 5. The method of claim 1, further comprising receiving, by the Appliance device, a pre-computed data (PCD) asset over the network from the Service device for the data asset in connection with the Module and the ticket, wherein an input section of a Module file, containing the Module, associates a PCD type to a ticket type, and wherein verifying the ticket comprises comparing a current ticket type of the ticket to the ticket type in the input section of the Module file, wherein the ticket is verified when the ticket type and the current ticket type match.
  - 6. The method of claim 1, further comprising at least one of the following:
    - receiving, by the Appliance device, a second ticket-related message from the Service device to obtain an internal state of the HSM and transfer the internal state to the Service device;
      
      orreceiving, by the Appliance device, a third ticket-related message to remove the ticket from the HSM.
  - 7. The method of claim 1, wherein verifying the ticket comprises verifying a ticket index against a sequential index for the data asset, wherein the data asset is sequential data.
  - 8. The method of claim 1, wherein the data asset is a pre-computed data (PCD) asset in a sequential PCD file that specifies a PCD type and a ticket type, and wherein verifying the ticket comprises:
    - comparing a current ticket type in the ticket against the ticket type of the PCD asset; and
      
      comparing a current PCD type against the PCD type of the PCD asset, wherein the ticket is verified when the current ticket type matches the ticket type of the PCD asset and the current PCD type matches the PCD type of the PCD asset.
  - 9. The method of claim 1, wherein the data asset is a high-bandwidth digital content protection (HDCP) record containing a HDCP key and the ticket is a cryptographic key issued by the Service device for the HDCP record, and wherein the method further comprises:
    - consuming the HDCP key when the ticket is verified to enforce a single-use and unique nature of HDCP key provisioning;
      
      tracking a history of tickets issued by the Service device;
      
      detecting a duplicate in the history of tickets; and
      
      generating an alert when the duplicate is detected in the history of tickets.
  - 10. The method of claim 1, wherein the data asset is a high-bandwidth digital content protection (HDCP) record containing an encrypted HDCP key and a key selection vector (KSV) value, and wherein the method further comprises:
    - tracking a history of the KSV value;
      
      performing a log-based check of the history to detect an offending duplicate, wherein the performing the log-based check is based on at least one of
      
           1) logs of the Appliance device referencing a same one of issued KSV values;
      
           2) logs of sequences executed by Appliance device with a same one of the issued KSV values,
      
           3) logs of consumed tickets by Appliance device;
      
      tickets, or
      
           4) logs of a Tester device; and
      
      issuing an alert when the duplicate is detected.
  - 11. The method of claim 10, wherein the HDCP record is stored in a pre-computed data (PCD) asset, and wherein the KSV value in the PCD asset is readable by the Appliance device without knowledge of the HDCP key used by a hardware security module (HSM) of the Appliance device to decrypt the encrypted HDCP key.

12. An Appliance device comprising:
- a processor; and
  
  a network interface coupled to the processor and communicatively coupled to a Service device of a cryptographic manager (CM) system, wherein the processor is operable to;
  
  receive a Module over a network from the Service device, the Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device;
  
  receive a ticket over the network from the Service device, wherein the ticket is digital data that grants permission to the device to execute the Module;
  
  verify the ticket; and
  
  execute the Module when the ticket is verified, wherein the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision the data asset to the target device; and
  
  a hardware security module (HSM), and wherein the HSM is operable to;
  
  maintain a list of current tickets for each of ticket names known to the Appliance device;
  
  maintain a counter that is used to prevent replay attacks; and
  
  receive a second ticket-related message to grant a new ticket to the HSM.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The Appliance device of claim 12, wherein the ticket is a signed ticket authorization that permits the Appliance device to execute the Module a single time to prevent duplication of the data asset and prevent duplicate consumption of the data asset, wherein the processor is further operable to prevent duplication of the data asset and duplicate consumption of the data asset after the executing the Module using the signed ticket authorization.
  - 14. The Appliance device of claim 12, wherein the processor is further operable to create an audit log of the executing the Module using the ticket.
  - 15. The Appliance device of claim 12, wherein the ticket comprises a pair of N-bit strings, a ticket name representing a ticket type associated with a type of data asset, and a ticket identifier (ID) that identifies a particular data asset record.
  - 16. The Appliance device of claim 12, wherein the processor is further operable to:
    - receive a pre-computed data (PCD) asset over the network from the Service device for the data asset in connection with the Module and the ticket, wherein an input section of a Module file, containing the Module, associates a PCD type to a ticket type; and
      
      compare a current ticket type of the ticket to the ticket type in the input section of the Module file to verify the ticket, wherein the ticket is verified when the ticket type and the current ticket type match.
  - 17. The Appliance device of claim 12,wherein the processor is further operable to:
    - receive a second ticket-related message from the Service device to obtain an internal state of the HSM and transfer the internal state to the Service device;
      
      orreceive a third ticket-related message to remove the ticket from the HSM.

18. A Service device comprising:
- a processor; and
  
  a network interface coupled to the processor and communicatively coupled over a network to an Appliance device of a cryptographic manager (CM) system, wherein the processor is operable to;
  
  associate a ticket type with a pre-computed data (PCD) asset for a target device;
  
  send a Module, the PCD and a ticket over the network to the Appliance device in the CM system, wherein the ticket is a digital data that grants permission to the Appliance device to execute the Module, wherein the ticket specifies a current ticket type, wherein the Module is an application that securely provisions the PCD to the target device in an operation phase of a manufacturing lifecycle of the target device, wherein the Appliance device is to verify that the current ticket type in the ticket matches the ticket type specified in the PCD asset; and
  
  send a ticket-related message over the network to the Appliance to grant a new ticket for a hardware security module (HSM) of the Appliance device, the HSM maintains a list of current tickets for each of ticket names known to the Appliance device and maintains a counter that is used to prevent replay attacks.
- View Dependent Claims (19, 20)
- - 19. The Service device of claim 18, wherein the processor is further operable to send a second ticket-related message to the Appliance device to obtain an internal state of the HSM of the Appliance device.
  - 20. The Service device of claim 18, wherein the processor is further operable to send a third ticket-related message to the Appliance device to remove the ticket from the HSM of the Appliance device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptography Research, Inc. (Rambus Inc.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Hamburg, Michael, Jun, Benjamin Che-Ming, Kocher, Paul C., O'Loughlin, Daniel, Pochuev, Denis Alexandrovich, Kumar, Ambuj
Primary Examiner(s)
Hailu, Teshome

Application Number

US14/535,202
Publication Number

US 20150326541A1
Time in Patent Office

845 Days
Field of Search

713/168
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

G06F 2221/2107   File encryption

G06F 2221/2135   Metering

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 67/60   Scheduling or organising th...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links