Secure software and hardware association technique
First Claim
1. A method for authenticating and associating a program code with an equipment, the method comprising:
- associating critical security information with an original equipment manufacturer (OEM) of the equipment by encrypting the critical security information using a unique secret value, the unique secret value identifying the OEM of the equipment associated with the critical security information, the critical security information including a device authentication key, a chip encryption key, and an image authentication key;
loading the critical security information associated with the OEM of the equipment from a memory at an initial startup time;
retrieving the chip encryption key and the image authentication key stored in the critical security information associated with the OEM of the equipment in the memory by decrypting the critical security information using the unique secret value;
authenticating the program code using the chip encryption key and the image authentication key; and
transferring ownership of the equipment to a new owner by updating the device authentication key of the critical security information with at least one public key of the new owner.
6 Assignments
0 Petitions
Accused Products
Abstract
Authenticated hardware and authenticated software are cryptographically associated using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. In one embodiment, critical security information associated with the equipment is loaded from a memory at startup time. The critical security information is stored in the memory, in encrypted form, using a unique secret value. The secret value is used to retrieve a chip encryption key and one or more image authentication keys that can be used to associate program code with an original equipment manufacturer. These keys are used to authenticate the program code.
-
Citations
40 Claims
-
1. A method for authenticating and associating a program code with an equipment, the method comprising:
-
associating critical security information with an original equipment manufacturer (OEM) of the equipment by encrypting the critical security information using a unique secret value, the unique secret value identifying the OEM of the equipment associated with the critical security information, the critical security information including a device authentication key, a chip encryption key, and an image authentication key; loading the critical security information associated with the OEM of the equipment from a memory at an initial startup time; retrieving the chip encryption key and the image authentication key stored in the critical security information associated with the OEM of the equipment in the memory by decrypting the critical security information using the unique secret value; authenticating the program code using the chip encryption key and the image authentication key; and transferring ownership of the equipment to a new owner by updating the device authentication key of the critical security information with at least one public key of the new owner. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for authenticating and associating a program code with an equipment, the method comprising:
-
associating critical security information with an original equipment manufacturer (OEM) of the equipment by encrypting the critical security information using a unique secret value, the unique secret value identifying the OEM of the equipment associated with the critical security information, the critical security information including a chip encryption key and an image authentication key; loading the critical security information associated with the OEM of the equipment from a memory at an initial startup time; retrieving the chip encryption key and the image authentication key stored in the critical security information associated with the OEM of the equipment in the memory by decrypting the critical security information using the unique secret value; authenticating the program code using the chip encryption key and the image authentication key; and assigning the image authentication key to a vendor to allow running of program code associated with the vendor under limited trusted ownership. - View Dependent Claims (20)
-
-
21. A system for authenticating and associating a program code with an equipment, the system comprising:
-
a memory; an associater that associates critical security information with an original equipment manufacturer (OEM) of the equipment by encrypting the critical security information using a unique secret value, the unique secret value identifying the OEM of the equipment associated with the critical security information, the critical security information including a device authentication key, a chip encryption key, and an image authentication key; a loader that loads the critical security information associated with the OEM of the equipment from the memory at an initial startup time; a retriever that retrieves the chip encryption key and the image authentication key stored in the critical security information associated with the OEM of the equipment in the memory by decrypting the critical security information using the unique secret value; and an authenticator that authenticates the program code using the chip encryption key and the image authentication key; and a transferor that transfers ownership of the equipment to a new owner by updating the device authentication key of the critical security information with at least one public key of the new owner. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
-
39. A system for authenticating and associating a program code with an equipment, the system comprising:
-
a memory; an associater that associates critical security information with an original equipment manufacturer (OEM) of the equipment by encrypting the critical security information using a unique secret value, the unique secret value identifying the OEM of the equipment associated with the critical security information, the critical security information including a chip encryption key and an image authentication key; a loader that loads the critical security information associated with the OEM of the equipment from the memory at an initial startup time; a retriever that retrieves the chip encryption key and the image authentication key stored in the critical security information associated with the OEM of the equipment in the memory by decrypting the critical security information using the unique secret value; and an authenticator that authenticates the program code using the chip encryption key and the image authentication key; and an assigner that assigns the image authentication key to a vendor to allow running of program code associated with the vendor under limited trusted ownership. - View Dependent Claims (40)
-
Specification