Programming on-chip non-volatile memory in a secure processor using a sequence number
First Claim
1. A device comprising:
- a secure processor having secure cryptography hardware implemented thereon;
a secure on-chip non-volatile (NV) memory coupled to the secure processor, the secure on-chip NV memory having a security kernel receiving instructions from the secure processor, the security kernel containing;
a private key datastore configured to store a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key;
an authenticated security Application Programming Interface (API) coupled to the private key datastore, the authenticated security API configured to provide one or more instructions to gather the device private key from the private key datastore;
a certificate construction engine coupled to the authenticated security API, the certificate construction engine configured to use the device private key to generate a device certificate, the device certificate providing the device with access to the secure application.
4 Assignments
0 Petitions
Accused Products
Abstract
A method may be executed by a secure processor having secure cryptography hardware implemented thereon. The method may be executed in a security kernel of a secure on-chip non-volatile (NV) memory coupled to the secure processor. The method may include: storing a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key; providing one or more instructions to gather the device private key and from the private key datastore; and using the device private key to generate a device certificate, the device certificate providing the device with access to the secure application.
-
Citations
20 Claims
-
1. A device comprising:
-
a secure processor having secure cryptography hardware implemented thereon; a secure on-chip non-volatile (NV) memory coupled to the secure processor, the secure on-chip NV memory having a security kernel receiving instructions from the secure processor, the security kernel containing; a private key datastore configured to store a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key; an authenticated security Application Programming Interface (API) coupled to the private key datastore, the authenticated security API configured to provide one or more instructions to gather the device private key from the private key datastore; a certificate construction engine coupled to the authenticated security API, the certificate construction engine configured to use the device private key to generate a device certificate, the device certificate providing the device with access to the secure application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method executed by a secure processor having secure cryptography hardware implemented thereon, the method executed in a security kernel of a secure on-chip non-volatile (NV) memory coupled to the secure processor, the method comprising:
-
storing a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key; providing one or more instructions to gather the device private key from a private key datastore; using the device private key to generate a device certificate, the device certificate providing a device with access to the secure application. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification