Tamper-protected hardware and method for using same

US 9,893,898 B2
Filed: 08/19/2016
Issued: 02/13/2018
Est. Priority Date: 03/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for generating a software module, the method comprising:

providing an entity block to be included to the software module, the entity block containing a code block of software and optionally a data section,generating a first fingerprint of the entity block using a hash function, wherein the fingerprint allows the verification of the integrity of the code block of software and, if present, the data section of said entity block,encrypting the first fingerprint of the entity block using the private key of a public key pair, to generate a digital signature of the entity block,combining the entity block and the encrypted fingerprint of the entity block to form an integrity protected entity block,encrypting the integrity protected entity block using a random secret key to form an encrypted and integrity protected entity block,encrypting the random secret key using the private key of a public key pair, andgenerating the software module by combining the encrypted and integrity protected entity block, and the encrypted random secret key, wherein the entity block of the software module comprises instructions to execute another software module, and wherein the instructions enable;

decryption of an encrypted random secret key of the other software module,decryption of the encrypted and integrity protected entity block of the other software module using the decrypted random secret key, to obtain the decrypted integrity protected entity block of the other software module,decryption of the encrypted first fingerprint comprised in the integrity protected entity block of the other software module andgeneration of another second fingerprint of the entity block using the same hash function as used to generate the encrypted fingerprint of the other software module,verification of the integrity of the entity block of the integrity protected entity block of the other software module by comparing the decrypted first fingerprint with the generated second fingerprint, andexecution of the entity block of the other software module, only in case the integrity of the entity block of the other software module is verified.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One of the various aspects of the invention is related to suggesting various techniques for improving the tamper-resistibility of hardware. The tamper-resistant hardware may be advantageously used in a transaction system that provides the off-line transaction protocol. Amongst these techniques for improving the tamper-resistibility are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function, and the use of a configuration fingerprint of a FPGA used within the tamper-resistant hardware.

76 Citations

View as Search Results

15 Claims

1. A method for generating a software module, the method comprising:
- providing an entity block to be included to the software module, the entity block containing a code block of software and optionally a data section,generating a first fingerprint of the entity block using a hash function, wherein the fingerprint allows the verification of the integrity of the code block of software and, if present, the data section of said entity block,encrypting the first fingerprint of the entity block using the private key of a public key pair, to generate a digital signature of the entity block,combining the entity block and the encrypted fingerprint of the entity block to form an integrity protected entity block,encrypting the integrity protected entity block using a random secret key to form an encrypted and integrity protected entity block,encrypting the random secret key using the private key of a public key pair, andgenerating the software module by combining the encrypted and integrity protected entity block, and the encrypted random secret key, wherein the entity block of the software module comprises instructions to execute another software module, and wherein the instructions enable;
  
  decryption of an encrypted random secret key of the other software module,decryption of the encrypted and integrity protected entity block of the other software module using the decrypted random secret key, to obtain the decrypted integrity protected entity block of the other software module,decryption of the encrypted first fingerprint comprised in the integrity protected entity block of the other software module andgeneration of another second fingerprint of the entity block using the same hash function as used to generate the encrypted fingerprint of the other software module,verification of the integrity of the entity block of the integrity protected entity block of the other software module by comparing the decrypted first fingerprint with the generated second fingerprint, andexecution of the entity block of the other software module, only in case the integrity of the entity block of the other software module is verified.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein the integrity protected entity block is encrypted using symmetric-key encryption.
  - 3. The method according to claim 1, further comprising compressing the entity block prior to encrypting and combining the entity block and the encrypted first fingerprint thereof to form the integrity protected entity block.
  - 4. The method according to claim 1, wherein the private key used for encrypting the first fingerprint is different from the private key used for encrypting the random secret key.
  - 5. The method according to claim 4, wherein the public keys corresponding to the private keys for encrypting the first fingerprint and random secret key, respectively, are signed by a root certification authority using a private signing key of a signing key pair, the public key of which is provided immune to counterfeit in a device to execute the software module.

6. A method for bootstrapping a hardware by executing a set of software modules in a given order, the method comprises realizing a chain of trust by performing the following functionality for each software module of the set of software modules:
- decrypting, using the public key of a public key pair, an encrypted random secret key of one of said set of software modules to be executed next,decrypting an encrypted and integrity protected entity block of the software module to be executed next, using the decrypted random secret key, to obtain an integrity protected entity block of the software module to be executed, wherein the entity block contains a code block providing an executable piece of software and optionally a data section,decrypting an encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next, andgenerating another second fingerprint of the entity block using the same hash function as used to generate the encrypted fingerprint,verifying the integrity of the entity block of the integrity protected entity block of the software module to be executed next by comparing the decrypted first fingerprint with the generated second fingerprint,only in case the integrity of the entity block of the software module to be executed next is successfully verified, executing the executable piece of software of the entity block of the software module to be executed next,obtaining a certificate comprising one or more public keys, wherein the one or more public keys are signed by a root certification authority using a private signing key of a signing key pair, the public key of which is provided immune to counterfeit in the hardware, andverifying integrity of the one or more public keys comprises in the certificate using the public key provided immune to counterfeit in the hardware, andwherein decrypting the encrypted random secret key of said one of said set of software modules to be executed next comprises using one verified public key of the certificate anddecrypting the encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next comprises using one verified public key of the certificate.
- View Dependent Claims (7, 8, 9, 10, 12, 15)
- - 7. The method according to claim 6, wherein said functionality is implemented in hardware.
  - 8. The method according to claim 6, wherein the functionality to obtain the certificate and to verify integrity of the one or more public keys comprises in the certificate for the first software module of the set of software modules is implemented in hardware.
  - 9. The method according to claim 6, wherein the functionality is implemented in software within the entity block of the software module executed prior to said given software module.
  - 10. The method according to claim 6, wherein the unsuccessful execution of one or more of steps of said functionality performed for each software module results in interrupting the bootstrapping of the hardware makes the hardware temporarily or permanently unusable.
  - 12. The method according to claim 6, further comprising receiving an update of one or more of the software modules from a third party.
  - 15. The method according to claim 6, wherein the functionality is implemented in software within the entity block of the software module executed prior to said given software module.

11. A method for bootstrapping a hardware by executing a set of software modules in a given order, the method comprises realizing a chain of trust by performing the following functionality for each software module of the set of software modules:
- decrypting, using the public key of a public key pair, an encrypted random secret key of one of said set of software modules to be executed next,decrypting an encrypted and integrity protected entity block of the software module to be executed next, using the decrypted random secret key, to obtain an integrity protected entity block of the software module to be executed, wherein the entity block contains a code block providing an executable piece of software and optionally a data section,decrypting an encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next, andgenerating another second fingerprint of the entity block using the same hash function as used to generate the encrypted fingerprint,verifying the integrity of the entity block of the integrity protected entity block of the software module to be executed next by comparing the decrypted first fingerprint with the generated second fingerprint, andonly in case the integrity of the entity block of the software module to be executed next is successfully verified, executing the executable piece of software of the entity block of the software module to be executed next, wherein the hardware is a tamper-protected hardware module and the functionality provided by the software modules includes at least one of;
  
  an interface filter for cooperating with a filter controller of the tamper-protected hardware module and for controlling messages exchanged via an input/output (I/O)-interface of the tamper-protected hardware module for interfacing with a host device comprising the tamper-protected hardware module,a license check module implementing an Identification Friend or Foe (IFF) functionality to analyze the local tamper-protected hardware module,an initial program loader module to coordinate the boot process,an embedded operation system kernel to handle the various operations of the tamper-protected hardware module'"'"'s application module,an implementation of an off-line transaction protocol for a transfer of electronic tokens between two tamper-protected hardware modules, andtermination handler of the off-line transaction protocol, in case of an interruption of the execution of the off-line transaction protocol, including a generation of a proof of loss of electronic tokens in response to the off-line transaction protocol terminating in an unfair state,trusted time source handler comprised in the tamper-protected hardware module,on-line refresh handler of the trusted time source,initialization handler of the I/O-key-unit for real-time I/O-encryption and decryption of information exchanged via an I/O-interface of the tamper-protected hardware module,compensation handler for a loss of electronic tokens using a proof of loss of electronic tokens provided in response to the off-line transaction protocol terminating in an unfair state, anda die-wrapping cocoon fingerprint checking handler of the tamper-protected hardware module, wrapped by said cocoon.

13. A device comprising:
- a memory to store a set of set of software modules that are to be executed in a given order; and
  
  a processor to realize a chain of trust by performing the following operations for each software module of the set of software modules;
  
  decrypting, using the public key of a public key pair, an encrypted random secret key of one of said set of software modules to be executed next,decrypting an encrypted and integrity protected entity block of the software module to be executed next, using the decrypted random secret key, to obtain an integrity protected entity block of the software module to be executed, wherein the entity block contains a code block providing an executable piece of software and optionally a data section,decrypting an encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next, andgenerating another second fingerprint of the entity block using the same hash function as used to generate the encrypted fingerprint,verifying the integrity of the entity block of the integrity protected entity block of the software module to be executed next by comparing the decrypted first fingerprint decrypted with the generated second fingerprint,only in case the integrity of the entity block of the software module to be executed next is successfully verified, executing the executable piece of software of the entity block of the software module to be executed next,obtaining a certificate comprising one or more public keys, wherein the one or more public keys are signed by a root certification authority using a private signing key of a signing key pair, the public key of which is provided immune to counterfeit in the hardware, andverifying integrity of the one or more public keys comprises in the certificate using the public key provided immune to counterfeit in the hardware, andwherein decrypting the encrypted random secret key of said one of said set of software modules to be executed next comprises using one verified public key of the certificate anddecrypting the encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next comprises using one verified public key of the certificate.

14. A device comprising:
- a memory adapted to store an entity block to be included to the software module, the entity block providing an executable piece of software, anda processor adapted to perform the following operations;
  
  providing an entity block to be included to the software module, the entity block containing a code block of software and optionally a data section,generating a first fingerprint of the entity block using a hash function, wherein the first fingerprint allows the verification of the integrity of the code block of software and, if present, the data section of said entity block,encrypting the first fingerprint of the entity block using the private key of a public key pair, to generate a digital signature of the entity block,combining the entity block and the encrypted first fingerprint of the entity block to form an integrity protected entity block,encrypting the integrity protected entity block using a random secret key to form an encrypted and integrity protected entity block,encrypting the random secret key using the private key of a public key pair, andgenerating the software module by combining the encrypted and integrity protected entity block, and the encrypted random secret key,wherein the entity block of the software module comprises instructions to execute another software module, and wherein the instructions enable;
  
  decryption of an encrypted random secret key of the other software module,decryption of the encrypted and integrity protected entity block of the other software module using the decrypted random secret key, to obtain the decrypted integrity protected entity block of the other software module,decryption of the encrypted first fingerprint comprised in the integrity protected entity block of the other software module andgeneration of another second fingerprint of the entity block using the same hash function as used to generate the encrypted fingerprint of the other software module,verification of the integrity of the entity block of the integrity protected entity block of the other software module by comparing the decrypted first fingerprint with the generated second fingerprint, andexecution of the entity block of the other software module, only in case the integrity of the entity block of the other software module is verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emsycon GmbH
Original Assignee
Emsycon GmbH
Inventors
Kreft, Heinz
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US15/241,391
Publication Number

US 20160359636A1
Time in Patent Office

543 Days
Field of Search

713156, 713177
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/45   Structures or tools for the...

G06F 21/57   Certifying or maintaining t...

G06F 21/71   to assure secure computing ...

G06F 21/73   by creating or determining ...

G06F 21/87   by means of encapsulation, ...

G06Q 20/223   based on the use of peer-to...

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G09C 1/00   Apparatus or methods whereb...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04L 9/3268 : using certificate validatio...

H04L 9/3278 : using physically unclonable...

View All

Tamper-protected hardware and method for using same

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Tamper-protected hardware and method for using same

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others