Tamper-protected hardware and method for using same
Abstract
One aspect of the invention relates to techniques for improving the tamper resistance of hardware. The tamper-resistant hardware may advantageously be used in a transaction system that provides an off-line transaction protocol. Among these techniques for improving tamper resistance are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function (PUF), and the use of a configuration fingerprint of an FPGA used within the tamper-resistant hardware.
15 Claims
1. A method for generating a software module, the method comprising:
- providing an entity block to be included in the software module, the entity block containing a code block of software and optionally a data section;
- generating a first fingerprint of the entity block using a hash function, wherein the fingerprint allows the verification of the integrity of the code block of software and, if present, the data section of said entity block;
- encrypting the first fingerprint of the entity block using the private key of a public key pair, to generate a digital signature of the entity block;
- combining the entity block and the encrypted fingerprint of the entity block to form an integrity protected entity block;
- encrypting the integrity protected entity block using a random secret key to form an encrypted and integrity protected entity block;
- encrypting the random secret key using the private key of a public key pair; and
- generating the software module by combining the encrypted and integrity protected entity block and the encrypted random secret key,
wherein the entity block of the software module comprises instructions to execute another software module, and wherein the instructions enable:
- decryption of an encrypted random secret key of the other software module;
- decryption of the encrypted and integrity protected entity block of the other software module using the decrypted random secret key, to obtain the decrypted integrity protected entity block of the other software module;
- decryption of the encrypted first fingerprint comprised in the integrity protected entity block of the other software module, and generation of a second fingerprint of the entity block using the same hash function as was used to generate the encrypted fingerprint of the other software module;
- verification of the integrity of the entity block of the integrity protected entity block of the other software module by comparing the decrypted first fingerprint with the generated second fingerprint; and
- execution of the entity block of the other software module only in case the integrity of the entity block of the other software module is verified.
Dependent claims: 2, 3, 4, 5
6. A method for bootstrapping a hardware by executing a set of software modules in a given order, the method comprising realizing a chain of trust by performing the following functionality for each software module of the set of software modules:
- decrypting, using the public key of a public key pair, an encrypted random secret key of the one of said set of software modules to be executed next;
- decrypting an encrypted and integrity protected entity block of the software module to be executed next, using the decrypted random secret key, to obtain an integrity protected entity block of the software module to be executed next, wherein the entity block contains a code block providing an executable piece of software and optionally a data section;
- decrypting an encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next, and generating a second fingerprint of the entity block using the same hash function as was used to generate the encrypted fingerprint;
- verifying the integrity of the entity block of the integrity protected entity block of the software module to be executed next by comparing the decrypted first fingerprint with the generated second fingerprint;
- only in case the integrity of the entity block of the software module to be executed next is successfully verified, executing the executable piece of software of the entity block of the software module to be executed next;
- obtaining a certificate comprising one or more public keys, wherein the one or more public keys are signed by a root certification authority using a private signing key of a signing key pair, the public key of which is provided immune to counterfeit in the hardware; and
- verifying the integrity of the one or more public keys comprised in the certificate using the public key provided immune to counterfeit in the hardware,
wherein decrypting the encrypted random secret key of said one of said set of software modules to be executed next comprises using one verified public key of the certificate, and decrypting the encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next comprises using one verified public key of the certificate.
Dependent claims: 7, 8, 9, 10, 12, 15
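Claims 1 and 6 together describe a module format (sign the entity block, encrypt it under a per-module random key, pass that key through the signer's private key) and the loader that consumes it, anchored in a certificate checked against a public key fixed in the hardware. The Go program below is an added worked example written for this page; it is not code from the patent or its assignee. It models both sides of claim 1 (BuildModule and LoadModule) and the chain of trust of claim 6 (Boot, with IssueCertificate standing in for the root certification authority). Everything concrete in it is an assumption the claims do not make: SHA-256 as the hash function, PKCS#1 v1.5 RSA signatures for the fingerprint, AES-256-CTR for the entity block, a single certified signing key, and a raw RSA private-key exponentiation for "encrypting the random secret key using the private key of a public key pair". That last step deserves the caveat a practitioner would want: because the matching public key inverts it, anyone holding that public key recovers the random key and hence the module contents. The construction therefore authenticates the module; it keeps the module confidential only to the extent that the public key itself stays inside the tamper-protected hardware.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

const keyLen = 32 // random secret key size (AES-256); an assumption, the claim fixes none

// Module follows claim 1: (code || data || signature) encrypted under the random key, plus that key after the signer's private-key operation.
type Module struct{ Enc, IV, WrappedKey []byte }

// keyDigest is what the root CA signs to certify a module-signing key (claim 6).
func keyDigest(pub *rsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an *rsa.PublicKey
	d := sha256.Sum256(der)
	return d[:]
}

// IssueCertificate returns the root CA's signature over one module-signing key (the claim allows several).
func IssueCertificate(root *rsa.PrivateKey, key *rsa.PublicKey) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, root, crypto.SHA256, keyDigest(key))
}

// ctr is unauthenticated on purpose: in the claim the signed fingerprint is the integrity check, so tampering has to surface there, not in an AEAD tag.
func ctr(key, iv, in []byte) []byte {
	block, _ := aes.NewCipher(key) // key is always keyLen bytes
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// BuildModule is the generating side of claim 1.
func BuildModule(signer *rsa.PrivateKey, code, data []byte) (*Module, error) {
	entity := append(append([]byte{}, code...), data...)
	fp := sha256.Sum256(entity) // first fingerprint
	sig, err := rsa.SignPKCS1v15(rand.Reader, signer, crypto.SHA256, fp[:])
	if err != nil {
		return nil, err
	}
	buf := make([]byte, keyLen+aes.BlockSize) // random secret key || CTR IV
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, iv := buf[:keyLen], buf[keyLen:]
	protected := append(entity, sig...) // integrity protected entity block
	// "Encrypting the random secret key using the private key" is a raw RSA private exponentiation: anyone holding the public key can invert it, so it authenticates the key rather than hiding it.
	wrapped := new(big.Int).Exp(new(big.Int).SetBytes(key), signer.D, signer.N)
	return &Module{Enc: ctr(key, iv, protected), IV: iv, WrappedKey: wrapped.FillBytes(make([]byte, signer.Size()))}, nil
}

// LoadModule is the executing side of claim 1: recover the key with the public key, decrypt, split off the signature, recompute the fingerprint, and release the entity block only if it matches the signed one.
func LoadModule(pub *rsa.PublicKey, m *Module) ([]byte, error) {
	k := new(big.Int).Exp(new(big.Int).SetBytes(m.WrappedKey), big.NewInt(int64(pub.E)), pub.N)
	if k.BitLen() > 8*keyLen { // not wrapped by the private key matching pub
		return nil, fmt.Errorf("wrapped key does not match the signer")
	}
	protected := ctr(k.FillBytes(make([]byte, keyLen)), m.IV, m.Enc)
	n := len(protected) - pub.Size()
	if n < 0 {
		return nil, fmt.Errorf("module too short to carry a signature")
	}
	fp2 := sha256.Sum256(protected[:n]) // second fingerprint
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, fp2[:], protected[n:]); err != nil {
		return nil, fmt.Errorf("fingerprint mismatch: module not executed")
	}
	return protected[:n], nil
}

// Boot is the chain of trust of claim 6: verify the certified signing key against the hardware-anchored root key, then load modules in order, stopping at the first failure; it returns the entity blocks released for execution.
func Boot(rootPub, signerPub *rsa.PublicKey, certSig []byte, modules []*Module) (executed [][]byte, err error) {
	if err = rsa.VerifyPKCS1v15(rootPub, crypto.SHA256, keyDigest(signerPub), certSig); err != nil {
		return nil, fmt.Errorf("signing key not certified by the root key")
	}
	for i, m := range modules {
		entity, e := LoadModule(signerPub, m)
		if e != nil {
			return executed, fmt.Errorf("module %d: %w", i, e)
		}
		executed = append(executed, entity)
	}
	return executed, nil
}

func main() {
	root, _ := rsa.GenerateKey(rand.Reader, 2048)   // stands in for the key fixed in hardware
	signer, _ := rsa.GenerateKey(rand.Reader, 2048) // module signing key, certified by root
	certSig, _ := IssueCertificate(root, &signer.PublicKey)
	kernel, _ := BuildModule(signer, []byte("embedded kernel"), []byte("config"))
	kernel.Enc[0] ^= 0x01 // flip one bit of the stored image
	_, err := Boot(&root.PublicKey, &signer.PublicKey, certSig, []*Module{kernel})
	fmt.Println(err) // module 0: fingerprint mismatch: module not executed
}
```

Two design points are worth noting. The entity block is encrypted with an unauthenticated mode so that the only integrity check is the one the claim specifies, the comparison of the decrypted first fingerprint with the recomputed second one; with an AEAD the tag would reject the tampered image before that comparison ever ran, which is fine in practice but would hide which check the claim relies on. Boot also refuses to touch a module until the signing key has been verified against the root key, and it stops the chain at the first module that fails, returning only the blocks that were actually released, which is the behaviour a loader must have for the "only in case the integrity ... is successfully verified" condition to mean anything.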
11. A method for bootstrapping a hardware by executing a set of software modules in a given order, the method comprising realizing a chain of trust by performing the following functionality for each software module of the set of software modules:
- decrypting, using the public key of a public key pair, an encrypted random secret key of the one of said set of software modules to be executed next;
- decrypting an encrypted and integrity protected entity block of the software module to be executed next, using the decrypted random secret key, to obtain an integrity protected entity block of the software module to be executed next, wherein the entity block contains a code block providing an executable piece of software and optionally a data section;
- decrypting an encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next, and generating a second fingerprint of the entity block using the same hash function as was used to generate the encrypted fingerprint;
- verifying the integrity of the entity block of the integrity protected entity block of the software module to be executed next by comparing the decrypted first fingerprint with the generated second fingerprint; and
- only in case the integrity of the entity block of the software module to be executed next is successfully verified, executing the executable piece of software of the entity block of the software module to be executed next,
wherein the hardware is a tamper-protected hardware module and the functionality provided by the software modules includes at least one of:
- an interface filter for cooperating with a filter controller of the tamper-protected hardware module and for controlling messages exchanged via an input/output (I/O) interface of the tamper-protected hardware module for interfacing with a host device comprising the tamper-protected hardware module;
- a license check module implementing an Identification Friend or Foe (IFF) functionality to analyze the local tamper-protected hardware module;
- an initial program loader module to coordinate the boot process;
- an embedded operating system kernel to handle the various operations of the tamper-protected hardware module's application module;
- an implementation of an off-line transaction protocol for a transfer of electronic tokens between two tamper-protected hardware modules;
- a termination handler of the off-line transaction protocol, in case of an interruption of the execution of the off-line transaction protocol, including a generation of a proof of loss of electronic tokens in response to the off-line transaction protocol terminating in an unfair state;
- a trusted time source handler comprised in the tamper-protected hardware module;
- an on-line refresh handler of the trusted time source;
- an initialization handler of the I/O key unit for real-time I/O encryption and decryption of information exchanged via an I/O interface of the tamper-protected hardware module;
- a compensation handler for a loss of electronic tokens using a proof of loss of electronic tokens provided in response to the off-line transaction protocol terminating in an unfair state; and
- a die-wrapping cocoon fingerprint checking handler of the tamper-protected hardware module, wrapped by said cocoon.
13. A device comprising:
- a memory to store a set of software modules that are to be executed in a given order; and
- a processor to realize a chain of trust by performing the following operations for each software module of the set of software modules:
- decrypting, using the public key of a public key pair, an encrypted random secret key of the one of said set of software modules to be executed next;
- decrypting an encrypted and integrity protected entity block of the software module to be executed next, using the decrypted random secret key, to obtain an integrity protected entity block of the software module to be executed next, wherein the entity block contains a code block providing an executable piece of software and optionally a data section;
- decrypting an encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next, and generating a second fingerprint of the entity block using the same hash function as was used to generate the encrypted fingerprint;
- verifying the integrity of the entity block of the integrity protected entity block of the software module to be executed next by comparing the decrypted first fingerprint with the generated second fingerprint;
- only in case the integrity of the entity block of the software module to be executed next is successfully verified, executing the executable piece of software of the entity block of the software module to be executed next;
- obtaining a certificate comprising one or more public keys, wherein the one or more public keys are signed by a root certification authority using a private signing key of a signing key pair, the public key of which is provided immune to counterfeit in the hardware; and
- verifying the integrity of the one or more public keys comprised in the certificate using the public key provided immune to counterfeit in the hardware,
wherein decrypting the encrypted random secret key of said one of said set of software modules to be executed next comprises using one verified public key of the certificate, and decrypting the encrypted first fingerprint comprised in the integrity protected entity block of the software module to be executed next comprises using one verified public key of the certificate.
14. A device comprising:
- a memory adapted to store an entity block to be included in a software module, the entity block providing an executable piece of software; and
- a processor adapted to perform the following operations:
- providing an entity block to be included in the software module, the entity block containing a code block of software and optionally a data section;
- generating a first fingerprint of the entity block using a hash function, wherein the first fingerprint allows the verification of the integrity of the code block of software and, if present, the data section of said entity block;
- encrypting the first fingerprint of the entity block using the private key of a public key pair, to generate a digital signature of the entity block;
- combining the entity block and the encrypted first fingerprint of the entity block to form an integrity protected entity block;
- encrypting the integrity protected entity block using a random secret key to form an encrypted and integrity protected entity block;
- encrypting the random secret key using the private key of a public key pair; and
- generating the software module by combining the encrypted and integrity protected entity block and the encrypted random secret key,
wherein the entity block of the software module comprises instructions to execute another software module, and wherein the instructions enable:
- decryption of an encrypted random secret key of the other software module;
- decryption of the encrypted and integrity protected entity block of the other software module using the decrypted random secret key, to obtain the decrypted integrity protected entity block of the other software module;
- decryption of the encrypted first fingerprint comprised in the integrity protected entity block of the other software module, and generation of a second fingerprint of the entity block using the same hash function as was used to generate the encrypted fingerprint of the other software module;
- verification of the integrity of the entity block of the integrity protected entity block of the other software module by comparing the decrypted first fingerprint with the generated second fingerprint; and
- execution of the entity block of the other software module only in case the integrity of the entity block of the other software module is verified.