System and method for product registration

US 9,692,737 B2
Filed: 02/28/2007
Issued: 06/27/2017
Est. Priority Date: 02/28/2006
Status: Active Grant

First Claim

Patent Images

1. A system for providing a cryptographic key to an electronic device during manufacturing of the electronic device, the system comprising:

a controller external in a remote location to the electronic device;

a first server external to the electronic device and the controller; and

at least a second server external to the electronic device and the controller;

wherein the controller is configured to;

divide the cryptographic key into a plurality of portions, all of which are required for use of the cryptographic key and to be added to the electronic device, and wherein the electronic device is operable after all portions from the plurality of portions of the cryptographic key have been added to the electronic device;

in response to receiving a provisioning request generated by the first server, send a provisioning response to the first server, wherein the provisioning request comprises identifying information of a module in the first server, wherein the identifying information comprises a unique identifier of the module in the first server, and wherein the unique identifier identifies that module during distribution of the first subset of portions from the plurality of portions of the cryptographic key;

distribute a first subset of portions from the plurality of portions of the cryptographic key to the first server and a second subset of portions from the plurality of portions of the cryptographic key to the second server; and

receive, from each of the first server and the second server, a log report indicative of addition of the first subset of portions from the plurality of portions of the cryptographic key and the second subset of portions from the plurality of portions of the cryptographic key, respectively, to the electronic device; and

wherein the first server is configured to authorize the first subset of portions form the plurality of portions to be added to the electronic device,and wherein the second server is configured to authorize the second subset of portions to be added to the electronic device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling a production process for producing a product is provided in which overproduction may be inhibited by introducing a separation of duties within a production process. Typically a producer will contract out the various stages of a production process to multiple contractors. In general, separation of duties involves purposefully separating production stages, for silicon chips or other products, so that the end product has been handled or “touched”, by each subcontractor, in order for the end product to be fully functional.

Citations

48 Claims

1. A system for providing a cryptographic key to an electronic device during manufacturing of the electronic device, the system comprising:
- a controller external in a remote location to the electronic device;
  
  a first server external to the electronic device and the controller; and
  
  at least a second server external to the electronic device and the controller;
  
  wherein the controller is configured to;
  
  divide the cryptographic key into a plurality of portions, all of which are required for use of the cryptographic key and to be added to the electronic device, and wherein the electronic device is operable after all portions from the plurality of portions of the cryptographic key have been added to the electronic device;
  
  in response to receiving a provisioning request generated by the first server, send a provisioning response to the first server, wherein the provisioning request comprises identifying information of a module in the first server, wherein the identifying information comprises a unique identifier of the module in the first server, and wherein the unique identifier identifies that module during distribution of the first subset of portions from the plurality of portions of the cryptographic key;
  
  distribute a first subset of portions from the plurality of portions of the cryptographic key to the first server and a second subset of portions from the plurality of portions of the cryptographic key to the second server; and
  
  receive, from each of the first server and the second server, a log report indicative of addition of the first subset of portions from the plurality of portions of the cryptographic key and the second subset of portions from the plurality of portions of the cryptographic key, respectively, to the electronic device; and
  
  wherein the first server is configured to authorize the first subset of portions form the plurality of portions to be added to the electronic device,and wherein the second server is configured to authorize the second subset of portions to be added to the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system according to claim 1, wherein the controller and the first server are communicatively coupled via a secure connection over a network.
  - 3. The system according to claim 1, further comprising one or more subsequent servers, wherein the controller is further configured to receive log reports indicative of addition of respective portions of the cryptographic key to the electronic device by respective ones of the one or more subsequent servers.
  - 4. The system according to claim 1, wherein the electronic device comprises an integrated circuit (IC).
  - 5. The system according to claim 4, wherein the IC is configured to receive one or more of the portions of the cryptographic key.
  - 6. The system according to claim 1, wherein the electronic device includes a mathematical transform module configured to intercept and transform data flow in the electronic device using the cryptographic key, and wherein the mathematical transform module includes at least a cryptographic transform.
  - 7. The system according to claim 6, wherein the cryptographic transform uses at least one exclusive-or (XOR) operation.
  - 8. The system according to claim 1, wherein the controller is further configured to:
    - in response to receiving a provisioning request generated by the first server, send a provisioning response to the first server, wherein the provisioning request comprises identifying information of a module in the first server, wherein the identifying information comprises a serial number of the module in the first server, and wherein the serial number identifies that module during distribution of the first subset of portions from the plurality of portions of the cryptographic key.
  - 9. The system according to claim 8, wherein the provisioning response comprises a token ID associated with the first server.
  - 10. The system according to claim 9, wherein the provisioning response further includes information for establishing a secure connection between the controller and the first server.
  - 11. The system according to claim 1, further comprising one or more subsequent servers, wherein the controller is further configured to send at least another portion of the cryptographic key to the one or more subsequent servers.
  - 12. The system according to claim 1, further comprising one or more subsequent servers, wherein the controller is further configured to send out remaining portions of the cryptographic key to respective ones of one or more subsequent servers.
  - 13. The system according to claim 12, wherein the electronic device is only operable after all of the portions of the cryptographic key have been added to the electronic device by the at least first server, the at least second server, and the one or more subsequent servers.

14. A controller configured to provide a cryptographic key, in a plurality of portions, to a plurality of servers, wherein the controller is external in a remote location to an electronic device and at least a first server of the plurality of servers, the controller comprising:
- a non-transitory memory; and
  
  a processor coupled to the non-transitory memory, the processor configured to;
  
  divide the cryptographic key into the plurality of portions, all of which are required for use of the cryptographic key by the electronic device and all of which are to be added to the electronic device, and wherein the electronic device is operable after all portions from the plurality of portions of the cryptographic key have been added to the electronic device;
  
  in response to receiving a provisioning request that is generated by the first server of the plurality servers, send a provisioning response to the first server, wherein the provisioning request comprises identifying information of a module in the first server, wherein the identifying information comprises a unique identifier of the module in the first server, and wherein the unique identifier identifies that module during distribution of the first subset of portions from the plurality of portions of the cryptographic key;
  
  distribute a first subset of portions from the plurality of portions of the cryptographic key to the first server and a second subset of portions from the plurality of portions of the cryptographic key to at least a second server of the plurality of servers; and
  
  receive, from each of first server and the second server, a log report indicative of addition of the first subset of portions from the plurality of portions of the cryptographic key and the second subset of portions from the plurality of portions of the cryptographic key, respectively, to the electronic device,wherein the first server is configured to authorize the first subset of portions form the plurality of portions to be added to the electronic device, andwherein the second server is configured to authorize the second subset of portions to be added to the electronic device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The controller according to claim 14, wherein the controller and the first server are communicatively coupled via a secure connection over a network.
  - 16. The controller according to claim 14, wherein the processor is further configured to receive log reports indicative of addition of respective portions of the cryptographic key to the electronic device by respective ones of one or more subsequent servers.
  - 17. The controller according to claim 14, wherein the electronic device includes a mathematical transform module configured to intercept and transform data flow in the electronic device using the cryptographic key, and wherein the mathematical transform module includes at least a cryptographic transform.
  - 18. The controller according to claim 17, wherein the cryptographic transform uses at least one exclusive-or (XOR) operation.
  - 19. The controller according to claim 14, wherein the provisioning request includes a serial number of a module in the first server, and wherein the serial number identifies the module of the first server during distribution of the at least one of the plurality of portions of the cryptographic key.
  - 20. The controller according to claim 14, wherein the provisioning response includes a token ID associated with the first server.
  - 21. The controller according to claim 20, wherein the provisioning response further includes information for establishing a secure connection between the controller and the first server.
  - 22. The controller according to claim 14, wherein the processor is further configured to send another portion of the cryptographic key to one or more subsequent servers.
  - 23. The controller according to claim 14, wherein the processor is further configured to send out one or more subsequent portions of the cryptographic key to respective ones of one or more subsequent servers.
  - 24. The controller according to claim 23, wherein the electronic device is only operable after all of the portions of the cryptographic key have been added to the electronic device by the first server and the one or more subsequent servers.
  - 25. The controller of claim 14, wherein at least two or more of the portions of the cryptographic key in the plurality of portions corresponds to a different manufacturing stage of the electronic device, andwherein the at least one of the plurality of portions of the cryptographic key being distributed to the first server based on a manufacturing stage of the electronic device performed by the first server and the manufacturing stage corresponding to at least one portion in the subset of portions of the cryptographic key.
  - 26. The controller of claim 14, wherein the at least one of the plurality of portions of the cryptographic key is distributed separate from remaining portions of the cryptographic key in the plurality of portions of the cryptographic key.

27. A method for a controller to provide a cryptographic key, in a plurality of portions, to a plurality of servers, wherein the controller is external in a remote location to an electronic device and at least a first server of the plurality of servers, the method comprising:
- dividing the cryptographic key into the plurality of portions, all of which are required for use of the cryptographic key and to be added to the electronic device, and wherein the electronic device is operable after all portions from the plurality of portions of the cryptographic key have been added to the electronic device;
  
  in response to receiving a provisioning request that is generated by the first server of the plurality servers, sending a provisioning response to the first server, wherein the provisioning request comprises identifying information of a module in the first server, wherein the identifying information comprises a unique identifier of the module in the first server, and wherein the unique identifier identifies that module during distribution of the first subset of portions from the plurality of portions of the cryptographic key;
  
  distributing a first subset of portions from the plurality of portions of the cryptographic key to first server and a second subset of portions from the plurality of portions of the cryptographic key to at least a second server of the plurality of servers;
  
  receiving, from each of first server and the second server, a log report indicative of addition of the first subset of portions from the plurality of portions of the cryptographic key and the second subset of portions from the plurality of portions of the cryptographic key, respectively, to the electronic device,wherein the first server is configured to authorize the first subset of portions form the plurality of portions to be added to the electronic device, andwherein the second server is configured to authorize the second subset of portions to be added to the electronic device.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 28. The method according to claim 27, wherein the log report is received via a secure connection over a network.
  - 29. The method according to claim 27, further comprising:
    - receiving log reports indicative of addition of respective portions of the cryptographic key to the electronic device by respective ones of one or more subsequent servers.
  - 30. The method according to claim 27, further comprising:
    - intercepting and transforming, by the electronic device, dataflow in the electronic device using the cryptographic key, and wherein the dataflow is cryptographically transformed.
  - 31. The method according to claim 27, wherein the dataflow is cryptographically transformed uses at least one exclusive-or (XOR) operation.
  - 32. The method to claim 27, wherein the provisioning request includes a serial number of a module in the first server, and wherein the serial number identifies the module of the first server during distribution of the at least one of the plurality of portions of the cryptographic key.
  - 33. The method according to claim 27, wherein the provisioning response includes a token ID associated with the first server.
  - 34. The method to claim 33, wherein the provisioning response further includes information for establishing a secure connection between the controller and the first server.
  - 35. The method according to claim 27, further comprising:
    - sending another portion of the cryptographic key to one or more subsequent servers.
  - 36. The method according to claim 27, further comprising:
    - sending out one or more subsequent portions of the cryptographic key to respective ones of the one or more subsequent servers.
  - 37. The method according to claim 27, further comprising:
    - enabling operation of the electronic device only after all of the portions of the cryptographic key have been added to the electronic device by the first server and the one or more subsequent servers.

38. A non-transitory computer readable storage medium comprising instructions to provide a cryptographic key, in a plurality of portions, to a plurality of servers, wherein the instructions when executed by one or more processors of a computing device external in a remote location to an electronic device and a first server of the plurality of servers, cause the one or more processors to perform operations comprising:
- dividing the cryptographic key into the plurality of portions, all of which are required for use of the cryptographic key and to be added to, and wherein the electronic device is operable after all portions from the plurality of portions of the cryptographic key have been added to the electronic device;
  
  in response to receiving a provisioning request that is generated by the first server of the plurality servers, sending a provisioning response to the first server, wherein the provisioning request comprises identifying information of a module in the first server, wherein the identifying information comprises a unique identifier of the module in the first server, and wherein the unique identifier identifies that module during distribution of the first subset of portions from the plurality of portions of the cryptographic key;
  
  distributing a first subset of portions from the plurality of portions of the cryptographic key to the first server and a second subset of portions from the plurality of portions of the cryptographic key to at least a second server of the plurality of servers; and
  
  receiving, from each of first server and the second server, a log report indicative of addition of the first subset of portions from the plurality of portions of the cryptographic key and the second subset of portions from the plurality of portions of the cryptographic key, respectively, to the electronic device,wherein the first server is configured to authorize the first subset of portions form the plurality of portions to be added to the electronic device, andwherein the second server is configured to authorize the second subset of portions to be added to the electronic device.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 39. The computer readable storage medium according to claim 38, wherein the log report is received via a secure connection over a network.
  - 40. The computer readable storage medium according to claim 38, wherein the operations further comprise:
    - receiving log reports indicative of addition of respective portions of the cryptographic key to the electronic device by respective ones of one or more subsequent servers.
  - 41. The computer readable storage medium according to claim 38, wherein the operations further comprise:
    - intercepting and transforming, by the electronic device, dataflow in the electronic device using the cryptographic key, and wherein the dataflow is cryptographically transformed.
  - 42. The computer readable storage medium according to claim 38, wherein the dataflow is cryptographically transformed uses at least one exclusive-or (XOR) operation.
  - 43. The computer readable storage medium according to claim 38, wherein the provisioning request includes a serial number of a module in the first server, and wherein the serial number identifies the module of the first server during distribution of the subset of portions from the plurality of portions of the cryptographic key.
  - 44. The computer readable storage medium according to claim 38, wherein the provisioning response includes a token ID associated with the first server.
  - 45. The computer readable storage medium according to claim 44, wherein the provisioning response further includes information for establishing a secure connection between the controller and the first server.
  - 46. The computer readable storage medium according to claim 38, wherein the operations further comprise:
    - sending another portion of the cryptographic key to one or more subsequent servers.
  - 47. The computer readable storage medium according to claim 38, wherein the operations further comprise:
    - sending out one or more subsequent portions of the cryptographic key to respective ones of the one or more subsequent servers.
  - 48. The computer readable storage medium according to claim 38, wherein the operations further comprise:
    - enabling operation of the electronic device only after all of the portions of the cryptographic key have been added to the electronic device by the first server and the one or more subsequent servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Neill, Brian, Rosati, Tony, Vadekar, Ashok, O'Loughlin, Daniel, Walters, Anthony J.
Primary Examiner(s)
GRACIA, GARY S

Application Number

US11/711,865
Publication Number

US 20080044026A1
Time in Patent Office

3,772 Days
Field of Search

708400, 380227, 705300, 713150, 713164, 713165
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06Q 10/101   Collaborative creation, e.g...

H04L 63/062   for key distribution, e.g. ...

H04L 9/085   Secret sharing or secret sp...

System and method for product registration

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for product registration

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links