Method, device, and system of provisioning cryptographic data to electronic devices

US 9,705,673 B2
Filed: 09/21/2015
Issued: 07/11/2017
Est. Priority Date: 11/16/2009
Status: Active Grant

First Claim

Patent Images

1. A method of cryptographic material provisioning (CMP), the method comprising:

(a) generating a delegation message at a first provisioning server apparatus,wherein the delegation message indicates provisioning rights that are delegated by the first provisioning server apparatus to a second provisioning server apparatus with regard to subsequent provisioning of cryptographic assets to an electronic device,wherein generating the delegation message comprises at least one of;

(A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning server apparatus using a public key of said electronic device, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;

(B) inserting into the delegation message a public key of the second provisioning server apparatus, enabling the electronic device to locally generate said association key unknown to the first provisioning server apparatus;

wherein the association key is retrievable by the second provisioning server apparatus based on the public key of the second provisioning server apparatus;

(b) delivering the delegation message from the first provisioning server apparatus to the electronic device;

(c) at the second provisioning server apparatus, provisioning one or more cryptographic assets to the electronic device, using said association key;

wherein generating the delegation message comprises;

inserting into the delegation message a public key of the second provisioning server apparatus, to enable execution of an identification protocol for subsequent personalized provisioning of a cryptographic asset to said electronic device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.

56 Citations

View as Search Results

6 Claims

1. A method of cryptographic material provisioning (CMP), the method comprising:
- (a) generating a delegation message at a first provisioning server apparatus,wherein the delegation message indicates provisioning rights that are delegated by the first provisioning server apparatus to a second provisioning server apparatus with regard to subsequent provisioning of cryptographic assets to an electronic device,wherein generating the delegation message comprises at least one of;
  
  (A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning server apparatus using a public key of said electronic device, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;
  
  (B) inserting into the delegation message a public key of the second provisioning server apparatus, enabling the electronic device to locally generate said association key unknown to the first provisioning server apparatus;
  
  wherein the association key is retrievable by the second provisioning server apparatus based on the public key of the second provisioning server apparatus;
  
  (b) delivering the delegation message from the first provisioning server apparatus to the electronic device;
  
  (c) at the second provisioning server apparatus, provisioning one or more cryptographic assets to the electronic device, using said association key;
  
  wherein generating the delegation message comprises;
  
  inserting into the delegation message a public key of the second provisioning server apparatus, to enable execution of an identification protocol for subsequent personalized provisioning of a cryptographic asset to said electronic device.

2. A method of cryptographic material provisioning (CMP), the method comprising:
- (a) generating a delegation message at a first provisioning server apparatus,wherein the delegation message indicates provisioning rights that are delegated by the first provisioning server apparatus to a second provisioning server apparatus with regard to subsequent provisioning of cryptographic assets to an electronic device,wherein generating the delegation message comprises at least one of;
  
  (A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning server apparatus using a public key of said electronic device, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;
  
  (B) inserting into the delegation message a public key of the second provisioning server apparatus, enabling the electronic device to locally generate said association key unknown to the first provisioning server apparatus;
  
  wherein the association key is retrievable by the second provisioning server apparatus based on the public key of the second provisioning server apparatus;
  
  (b) delivering the delegation message from the first provisioning server apparatus to the electronic device;
  
  (c) at the second provisioning server apparatus, provisioning one or more cryptographic assets to the electronic device, using said association key;
  
  wherein generating the delegation message comprises;
  
  inserting into the delegation message one or more flags indicating to the electronic device whether the second provisioning server apparatus is authorized to provision;
  
  (X) only personalized cryptographic assets, or (Y) only class-wide cryptographic assets for a class of multiple electronic devices, or (Z) both personalized and class-wide cryptographic assets.

3. A method of cryptographic material provisioning (CMP), the method comprising:
- (a) generating a delegation message at a first provisioning server apparatus,wherein the delegation message indicates provisioning rights that are delegated by the first provisioning server apparatus to a second provisioning server apparatus with regard to subsequent provisioning of cryptographic assets to an electronic device,wherein generating the delegation message comprises at least one of;
  
  (A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning server apparatus using a public key of said electronic device, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;
  
  (B) inserting into the delegation message a public key of the second provisioning server apparatus, enabling the electronic device to locally generate said association key unknown to the first provisioning server apparatus;
  
  wherein the association key is retrievable by the second provisioning server apparatus based on the public key of the second provisioning server apparatus;
  
  (b) delivering the delegation message from the first provisioning server apparatus to the electronic device;
  
  (c) at the second provisioning server apparatus, provisioning one or more cryptographic assets to the electronic device, using said association key;
  
  prior to provisioning a particular cryptographic asset from the second provisioning server apparatus to the electronic device, performing;
  
  acquiring by the second provisioning server apparatus an authorization ticket, from an authorization server apparatus, indicating that the second provisioning server apparatus is authorized to provision the particular cryptographic asset to said electronic device.
- View Dependent Claims (4, 5, 6)
- - 4. The method of claim 3, wherein said acquiring of the authorization ticket is triggered by a flag, indicating that authorization is required for each provisioning event performed by the second provisioning server apparatus, wherein the flag is located in a server certificate issued by said authorization server apparatus to the second provisioning server apparatus.
  - 5. The method of claim 3, wherein the acquiring comprises:
    - at the second provisioning server apparatus, contacting the authorization server apparatus to present to the authorization server apparatus (A) a server certificate of the second provisioning server apparatus, and (B) a hash of the particular cryptographic asset intended to be provisioned by the second provisioning server apparatus to the electronic device.
  - 6. The method of claim 5, wherein the acquiring further comprises:
    - receiving at the second provisioning server apparatus, from said authorization server apparatus, said authorization ticket which comprises a digital signature by the authorization server apparatus on the hash of the particular cryptographic asset intended to be provisioned by the second provisioning server apparatus to the electronic device;
      
      wherein said digital signature enables said electronic device to verify said particular cryptographic asset prior to storing said particular cryptographic asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Limited (SoftBank Group Corp.)
Original Assignee
ARM Technologies Israel Ltd.
Inventors
Shen, Asaf, Bar-El, Hagai, Klimov, Alexander
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US14/859,364
Publication Number

US 20170063537A1
Time in Patent Office

659 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04L 9/0877   using additional device, e....

H04L 9/088   Usage controlling of secret...

Method, device, and system of provisioning cryptographic data to electronic devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method, device, and system of provisioning cryptographic data to electronic devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links