System for and method of cryptographic provisioning
First Claim
1. A method of provisioning a memory card with cryptographic parameters, wherein the memory card comprises a field programmable gate array (FPGA), a first nonvolatile memory, a second nonvolatile memory, and a cryptographic coprocessor, the method comprising:
- storing a key generating programming fabric in the FPGA;
storing a module identification and a random seed in the first nonvolatile memory;
executing the key generation program to generate a bootstrap key and a memory protection key when the key generating program fabric is determined to be secure, wherein the bootstrap key and the memory protection key are generated using at least one of;
the module identification and the random seed;
encrypting, using the key generating programming fabric, the memory protection key with the bootstrap key using the cryptographic coprocessor to produce an encrypted memory protection key and an encryption authentication tag, wherein the encrypted memory protection key and the encryption authentication tag are stored in the second nonvolatile memory, wherein the encryption authentication tag is compared to a decrypted authentication tag that is generated from decrypting the encrypted memory protection key to determine disablement of one or more operations of the memory card; and
passing the encrypted memory protection key outside the memory card using the key generating programming fabric.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer.
-
Citations
24 Claims
-
1. A method of provisioning a memory card with cryptographic parameters, wherein the memory card comprises a field programmable gate array (FPGA), a first nonvolatile memory, a second nonvolatile memory, and a cryptographic coprocessor, the method comprising:
-
storing a key generating programming fabric in the FPGA; storing a module identification and a random seed in the first nonvolatile memory; executing the key generation program to generate a bootstrap key and a memory protection key when the key generating program fabric is determined to be secure, wherein the bootstrap key and the memory protection key are generated using at least one of;
the module identification and the random seed;encrypting, using the key generating programming fabric, the memory protection key with the bootstrap key using the cryptographic coprocessor to produce an encrypted memory protection key and an encryption authentication tag, wherein the encrypted memory protection key and the encryption authentication tag are stored in the second nonvolatile memory, wherein the encryption authentication tag is compared to a decrypted authentication tag that is generated from decrypting the encrypted memory protection key to determine disablement of one or more operations of the memory card; and passing the encrypted memory protection key outside the memory card using the key generating programming fabric. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system for provisioning a memory card with cryptographic parameters, wherein the memory card comprises a field programmable gate array (FPGA), a first nonvolatile memory, a second nonvolatile memory, and a cryptographic coprocessor, the system comprising:
a processor that performs the following steps; storing a key generating programming fabric in the FPGA; storing a module identification and a random seed in the first nonvolatile memory; executing the key generation program to generate a bootstrap key and a memory protection key when the key generating program fabric is determined to be secure, wherein the bootstrap key and the memory protection key are generated using at least one of;
the module identification and the random seed;encrypting, using the key generating programming fabric, the memory protection key with the bootstrap key using the cryptographic coprocessor to produce an encrypted memory protection key and an encryption authentication tag, wherein the encrypted memory protection key and the encryption authentication tag are stored in the second nonvolatile memory, wherein the encryption authentication tag is compared to a decrypted authentication tag that is generated from decrypting the encrypted memory protection key to determine disablement of one or more operations of the memory card; and passing the encrypted memory protection key outside the memory card using the key generating programming fabric. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
Specification