Updating cryptographic key pair
First Claim
1. A system-on-chip, comprising:
a processor;
an electrically erasable programmable non-volatile memory; and
a fuse-based memory having a plurality of prime numbers stored therein, and having a plurality of indices each associated with a respective pair of prime numbers from the plurality of prime numbers, wherein the fuse-based memory includes a fuse-based structure configured to remain unchanged after being burnt;
wherein the processor is configured to:
retrieve a first pair of prime numbers associated with a first index of the indices from the fuse-based memory;
derive a first private key using the first pair of prime numbers;
use the first private key with an asymmetric cryptographic algorithm for performing cryptographic operations;
detect a trigger event for generating a new cryptographic key;
in response to the detected trigger event, retrieve a second pair of prime numbers associated with a second index of the indices from the fuse-based memory, and derive a second private key for the asymmetric cryptographic algorithm as a new cryptographic key, using the second pair of prime numbers; and
use the second private key for performing additional cryptographic operations.
Abstract
A computing device has a processor and a persistent memory, e.g., a fuse-based memory, storing two or more reduced sets of information. The processor is configured to derive a first cryptographic key using a first reduced set of information, e.g., prime numbers, and to use the first cryptographic key for performing cryptographic operations. The processor is also configured to detect a trigger event and, in response to the detected trigger event, derive a second cryptographic key using a second reduced set of information. The processor can then use the second cryptographic key for performing cryptographic operations.
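The rotation described in the abstract, sketched as an added example that is not part of the patent text: an indexed table of prime pairs stands in for the fuse-based memory, an RSA private key is derived from the active pair, and a trigger moves the device to the next index. The public exponent, the Mersenne sample primes, the EEPROM holding the active index, and all function and class names are assumptions made for illustration.

```python
from math import gcd

# Constructed sample fuse table: index -> (p, q). Mersenne primes keep the
# example reproducible; they are far too structured for real keys.
FUSE_PRIMES = {
    0: (2**61 - 1, 2**89 - 1),
    1: (2**107 - 1, 2**127 - 1),
}
E = 65537  # public exponent: an assumption, the claims do not fix one


class PrimePairsExhausted(Exception):
    """Every provisioned prime pair has already been used."""


def derive_private_key(index):
    """Return (n, d) for the RSA key built from the pair at `index`."""
    p, q = FUSE_PRIMES[index]
    phi = (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("public exponent is not invertible for this pair")
    return p * q, pow(E, -1, phi)


class Device:
    def __init__(self):
        self.active_index = 0  # assumed to be kept in the EEPROM
        self.n, self.d = derive_private_key(self.active_index)

    def sign(self, digest):
        # Textbook RSA on an integer, no padding: enough to show key use.
        return pow(digest, self.d, self.n)

    def on_trigger(self):
        """Move to the next index; never wrap back to a retired pair."""
        nxt = self.active_index + 1
        if nxt not in FUSE_PRIMES:
            raise PrimePairsExhausted("no unused prime pair left")
        n, d = derive_private_key(nxt)  # derive first, then commit the index
        self.active_index, self.n, self.d = nxt, n, d


def rotation_demo(digest=0x1234567890ABCDEF):
    dev = Device()
    old_n, old_sig = dev.n, dev.sign(digest)
    dev.on_trigger()
    new_n, new_sig = dev.n, dev.sign(digest)
    return (pow(old_sig, E, old_n) == digest,
            pow(new_sig, E, new_n) == digest, old_n != new_n)
```

Because the table is write-once, the number of rotations is bounded by the number of provisioned pairs; the sketch raises an error at that point instead of reusing an earlier index.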
20 Claims
5. A computing device, comprising:
a processor; and
a persistent memory having reduced sets of information stored therein, the reduced sets of information comprising parameters for deriving cryptographic keys, wherein the reduced sets of information have fewer bits than the cryptographic keys, and the persistent memory is configured to remain unchanged after being written;
wherein the processor is configured to:
retrieve a first reduced set of information from the persistent memory;
derive a first cryptographic key using the first reduced set of the reduced sets of information;
use the first cryptographic key for performing cryptographic operations;
detect a trigger event for generating a new cryptographic key;
in response to the detected trigger event, retrieve a second reduced set of information from the persistent memory and derive a second cryptographic key as a new cryptographic key, using the second reduced set of the reduced sets of information; and
use the second cryptographic key for performing the cryptographic operations.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computing device, comprising:
a processor; and
a fuse-based memory having a plurality of prime numbers stored therein by a provisioning system, wherein the fuse-based memory includes a fuse-based structure configured to remain unchanged after being burnt;
wherein the processor is configured to:
retrieve two or more pairs of prime numbers of the plurality of prime numbers from the fuse-based memory;
assign an index to each selected pair of prime numbers;
derive a first private key associated with an asymmetric cryptographic algorithm using a first pair of the prime numbers associated with a first index;
use the first private key for performing cryptographic operations;
detect a trigger event for generating a new cryptographic key;
in response to the detected trigger event, derive a second private key associated with the asymmetric cryptographic algorithm as a new cryptographic key, using a second pair of the prime numbers associated with a second index; and
use the second private key for performing the cryptographic operations.
Dependent claims: 18, 19, 20
Specification