Programming on-chip non-volatile memory in a secure processor using a sequence number

US 9,589,154 B2
Filed: 07/07/2014
Issued: 03/07/2017
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, using a processor, a request for a device certificate;

initializing, using the processor, a state variable in an on-chip writable memory to an initial value in response to a power up event of a device containing the processor;

generating, using the processor and a function of a secret seed random number and a sequence number, a cryptographic key pair;

identifying a key in the cryptographic key pair, the key comprising one of a public key and a private key in the cryptographic key pair;

incrementing, using the processor, the sequence number;

generating, using the processor, a first random number as a function of the key and the state variable;

creating, using the processor, the device certificate based on the first random number and the request for the device certificate, the device certificate being configured to provide a security signature for accessing protected resources by a secure application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

230 Citations

18 Claims

1. A method comprising:
- receiving, using a processor, a request for a device certificate;
  
  initializing, using the processor, a state variable in an on-chip writable memory to an initial value in response to a power up event of a device containing the processor;
  
  generating, using the processor and a function of a secret seed random number and a sequence number, a cryptographic key pair;
  
  identifying a key in the cryptographic key pair, the key comprising one of a public key and a private key in the cryptographic key pair;
  
  incrementing, using the processor, the sequence number;
  
  generating, using the processor, a first random number as a function of the key and the state variable;
  
  creating, using the processor, the device certificate based on the first random number and the request for the device certificate, the device certificate being configured to provide a security signature for accessing protected resources by a secure application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising executing at least a portion of the secure application, the executing using at least a portion of the protected resources.
  - 3. The method of claim 1, further comprising clearing the state variable from the on-chip writable memory before a power down event of the device.
  - 4. The method of claim 1, wherein generating the cryptographic key pair comprises using a cryptographically strong encryption algorithm to generate the cryptographic key pair based on the seed random number and the sequence number.
  - 5. The method of claim 1, wherein generating the first random number comprises instructing, using the processor, a pseudorandom number generator to calculate the first random number.
  - 6. The method of claim 1, wherein the cryptographic key pair comprises an elliptic cryptographic key pair.
  - 7. The method of claim 1, wherein the on-chip writable memory comprises an on-chip non-volatile (NV) memory, and the seed random number is stored on the on-chip NV memory.
  - 8. The method of claim 1, wherein the sequence number is a stored sequence number included in the on-chip writable memory.
  - 9. The method of claim 1, wherein the processor comprises a secure processor, and the method is executed in one or more of a game console having the secure processor, a media player having the secure processor, an embedded secure device having the secure processor, or a digital device having the secure processor.

10. A system, comprising:
- an on-chip non-volatile (NV) memory including a secret seed random number;
  
  an on-chip writable memory including a stored sequence number;
  
  a client-side interface associated with a registered client;
  
  a certificate generation module;
  
  wherein, in operation;
  
  the client-side interface is configured to receive a request for a device certificate and to transmit a validated device certificate;
  
  the certificate generation module is configured to;
  
  initialize a state variable in the on-chip writable memory to an initial value in response to a power up event of a device containing the certificate generation module;
  
  generate a cryptographic key pair using a function of the secret seed random number and the sequence number;
  
  identify a key in the cryptographic key pair, the key comprising one of a public key and a private key in the cryptographic key pair;
  
  increment the sequence number;
  
  generate a first random number as a function of the key and the state variable;
  
  create the validated device certificate based on the first random number and the request for the device certificate, the validated device certificate being configured to provide a security signature for accessing protected resources by a secure application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the certificate generation module is configured to facilitate execution of at least a portion of the secure application on the system, the execution using at least a portion of the protected resources.
  - 12. The system of claim 10, wherein the certificate generation module is configured to clear the state variable from the on-chip writable memory before a power down event of the device.
  - 13. The system of claim 10, wherein, when generating the cryptographic key pair, the certificate generation module is configured to use a cryptographically strong encryption algorithm to generate the cryptographic key pair based on the seed random number and the sequence number.
  - 14. The system of claim 10, wherein, when generating the first random number, the certificate generation module is configured to use a cryptographically strong encryption algorithm to instruct a pseudorandom number generator to calculate the first random number.
  - 15. The system of claim 10, wherein the cryptographic key pair comprises an elliptic cryptographic key pair.
  - 16. The system of claim 10, wherein the on-chip writable memory comprises an on-chip non-volatile (NV) memory, and the seed random number is stored on the on-chip NV memory.
  - 17. The system of claim 10, wherein the processor comprises a secure processor, and the method is executed in one or more of a game console having the secure processor, a media player having the secure processor, an embedded secure device having the secure processor, or a digital device having the secure processor.

18. A system, comprising:
- an on-chip non-volatile (NV) memory including a secret seed random number;
  
  an on-chip writable memory including a stored sequence number;
  
  a client-side interface associated with a registered client;
  
  means for generating a certificate;
  
  wherein, in operation;
  
  the client-side interface is configured to receive a request for a device certificate and to transmit a validated device certificate;
  
  the means for generating the certificate is configured to;
  
  initialize a state variable in the on-chip writable memory to an initial value in response to a power up event of a device containing the certificate generation module;
  
  generate a cryptographic key pair using a function of the secret seed random number and the sequence number;
  
  identify a key in the cryptographic key pair, the key comprising one of a public key and a private key in the cryptographic key pair;
  
  increment the sequence number;
  
  generate a first random number as a function of the key and the state variable;
  
  create the validated device certificate based on the first random number and the request for the device certificate, the validated device certificate being configured to provide a security signature for accessing protected resources by a secure application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Inventors
Srinivasan, Pramila, Princen, John
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/325,266
Publication Number

US 20140325240A1
Time in Patent Office

974 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

H04L 2209/603   Digital right managament [DRM]

H04L 9/0869   involving random numbers or...

H04L 9/3066   involving algebraic varieti...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Programming on-chip non-volatile memory in a secure processor using a sequence number

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Programming on-chip non-volatile memory in a secure processor using a sequence number

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links