Programming on-chip non-volatile memory in a secure processor using a sequence number

US 9,881,182 B2
Filed: 01/26/2017
Issued: 01/30/2018
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a secure processor having secure cryptography hardware implemented thereon;

a secure on-chip non-volatile (NV) memory coupled to the secure processor, the secure on-chip NV memory having a security kernel receiving instructions from the secure processor, the security kernel containing;

a private key datastore configured to store a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key;

an authenticated security Application Programming Interface (API) coupled to the private key datastore, the authenticated security API configured to provide one or more instructions to gather the device private key from the private key datastore;

a certificate construction engine coupled to the authenticated security API, the certificate construction engine configured to use the device private key to generate a device certificate, the device certificate providing the device with access to the secure application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may be executed by a secure processor having secure cryptography hardware implemented thereon. The method may be executed in a security kernel of a secure on-chip non-volatile (NV) memory coupled to the secure processor. The method may include: storing a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key; providing one or more instructions to gather the device private key and from the private key datastore; and using the device private key to generate a device certificate, the device certificate providing the device with access to the secure application.

Citations

20 Claims

1. A device comprising:
- a secure processor having secure cryptography hardware implemented thereon;
  
  a secure on-chip non-volatile (NV) memory coupled to the secure processor, the secure on-chip NV memory having a security kernel receiving instructions from the secure processor, the security kernel containing;
  
  a private key datastore configured to store a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key;
  
  an authenticated security Application Programming Interface (API) coupled to the private key datastore, the authenticated security API configured to provide one or more instructions to gather the device private key from the private key datastore;
  
  a certificate construction engine coupled to the authenticated security API, the certificate construction engine configured to use the device private key to generate a device certificate, the device certificate providing the device with access to the secure application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein the programmed secret seed comprises a pseudorandom number.
  - 3. The device of claim 1, wherein the programmed secret seed is stored on on-chip read-only memory (ROM) coupled to the secure processor.
  - 4. The device of claim 1, wherein the security kernel uses the programmed secret seed and the rewritable state to generate the device private key.
  - 5. The device of claim 1, wherein the cryptographic key pair comprises an elliptical cryptographic key pair.
  - 6. The device of claim 1, wherein the security kernel identifies the public key in response to a request to execute the secure application.
  - 7. The device of claim 1, wherein the device private key comprises a variable key.
  - 8. The device of claim 1, wherein the certificate construction engine uses the device private key to generate the device certificate in response to a request to validate an electronic ticket provided by the secure application.
  - 9. The device of claim 1, wherein the secure processor loads the security kernel into the secure on-chip NV memory in response to a start-up of the device.
  - 10. The device of claim 1, wherein the device comprises a game console or a media player.

11. A method executed by a secure processor having secure cryptography hardware implemented thereon, the method executed in a security kernel of a secure on-chip non-volatile (NV) memory coupled to the secure processor, the method comprising:
- storing a rewritable state and a device private key based at least in part on a programmed secret seed and the rewritable state, the device private key being part of a cryptographic key pair comprising a public key associated with the device private key, and the rewritable state being a state of a secure application encrypted with the public key;
  
  providing one or more instructions to gather the device private key from a private key datastore;
  
  using the device private key to generate a device certificate, the device certificate providing a device with access to the secure application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the programmed secret seed comprises a pseudorandom number.
  - 13. The method of claim 11, wherein the programmed secret seed is stored on on-chip read-only memory (ROM) coupled to the secure processor.
  - 14. The method of claim 11, wherein the security kernel uses the programmed secret seed and the rewritable state to generate the device private key.
  - 15. The method of claim 11, wherein the cryptographic key pair comprises an elliptical cryptographic key pair.
  - 16. The method of claim 11, wherein the security kernel identifies the public key in response to a request to execute the secure application.
  - 17. The method of claim 11, wherein the device private key comprises a variable key.
  - 18. The method of claim 11, wherein using the device private key to generate the device certificate comprises using the device private key to generate the device certificate in response to a request to validate an electronic ticket provided by the secure application.
  - 19. The method of claim 11, wherein the secure processor loads the security kernel into the secure on-chip NV memory in response to a start-up of the device.
  - 20. The method of claim 11, wherein the secure processor and the secure on-chip NV memory are incorporated into a game console or a media player.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Inventors
Srinivasan, Pramila, Princen, John
Primary Examiner(s)
Poltorak, Peter

Application Number

US15/416,833
Publication Number

US 20170132433A1
Time in Patent Office

369 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

H04L 2209/603   Digital right managament [DRM]

H04L 9/0869   involving random numbers or...

H04L 9/3066   involving algebraic varieti...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Programming on-chip non-volatile memory in a secure processor using a sequence number

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Programming on-chip non-volatile memory in a secure processor using a sequence number

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links