Generating and distributing pre-computed data (PCD) assets to a target device
First Claim
Patent Images
1. A method comprising:
- receiving, by a Root Authority (RA) device, data signed by a provisioning device of a cryptographic manager (CM) system, wherein the data comprises definition files that specify an identity and credentials for a Service device of the CM system and an identity and credentials of an Appliance device of the CM system, wherein the RA device is a trusted, offline device that authorizes the Service device and the Appliance device and does not have a persistent connection to the Service device or the Appliance device;
receiving, by the RA device, a first command to create a Module with a placeholder for a pre-computed data (PCD) asset for a target device;
in response to the first command, generating by the RA device, the Module with the placeholder for the PCD asset for the target device;
deploying the Module with the placeholder in the CM system, wherein the deploying of the Module with the placeholder comprises storing, by the RA device, the Module with the placeholder in a removable storage device to transfer the Module with the placeholder to the Service device, wherein the Service device is configured to distribute the Module with the placeholder over a network to the Appliance device;
receiving, by the RA device, a second command to package the PCD asset for the target device, wherein the PCD asset is unique for the target device;
in response to the second command, generating, by the RA device, the PCD asset and packaging, by the RA device, the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device; and
deploying the packaged PCD asset in the CM system for identification and tracking of the target device, wherein the deploying of the packaged PCD comprises storing, by the RA device, the packaged PCD asset in an authorization file in the removable storage device to transfer the PCD asset to the Service device, wherein the authorization file is separate from the Module stored in the removable storage device, wherein the Service device is configured to distribute the PCD asset over the network to the Appliance device, wherein the PCD asset is input into the Module at the Appliance device, wherein the Module is an application that, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision the PCD asset to the target device in an operation phase of a manufacturing lifecycle of the target device.
1 Assignment
0 Petitions
Accused Products
Abstract
The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.
21 Citations
18 Claims
-
1. A method comprising:
receiving, by a Root Authority (RA) device, data signed by a provisioning device of a cryptographic manager (CM) system, wherein the data comprises definition files that specify an identity and credentials for a Service device of the CM system and an identity and credentials of an Appliance device of the CM system, wherein the RA device is a trusted, offline device that authorizes the Service device and the Appliance device and does not have a persistent connection to the Service device or the Appliance device; receiving, by the RA device, a first command to create a Module with a placeholder for a pre-computed data (PCD) asset for a target device; in response to the first command, generating by the RA device, the Module with the placeholder for the PCD asset for the target device; deploying the Module with the placeholder in the CM system, wherein the deploying of the Module with the placeholder comprises storing, by the RA device, the Module with the placeholder in a removable storage device to transfer the Module with the placeholder to the Service device, wherein the Service device is configured to distribute the Module with the placeholder over a network to the Appliance device; receiving, by the RA device, a second command to package the PCD asset for the target device, wherein the PCD asset is unique for the target device; in response to the second command, generating, by the RA device, the PCD asset and packaging, by the RA device, the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device; and deploying the packaged PCD asset in the CM system for identification and tracking of the target device, wherein the deploying of the packaged PCD comprises storing, by the RA device, the packaged PCD asset in an authorization file in the removable storage device to transfer the PCD asset to the Service device, wherein the authorization file is separate from the Module stored in the removable storage device, wherein the Service device is configured to distribute the PCD asset over the network to the Appliance device, wherein the PCD asset is input into the Module at the Appliance device, wherein the Module is an application that, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision the PCD asset to the target device in an operation phase of a manufacturing lifecycle of the target device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
11. A Root Authority (RA) device, the RA device being a trusted, offline device that authorizes a Service device of a cryptographic manager (CM) system and an Appliance device of the CM system, the RA device comprising:
-
a processor; and a removable storage device interface configured to connect to a removable storage device, wherein the removable storage device interface is coupled to the processor, and wherein the RA device does not have a persistent connection to the Service device or the Appliance device, wherein the processor is operable to; receive data signed by a provisioning device of the CM system, wherein the data comprises definition files that specify an identity and credentials for the Service device and an identity and credentials of the Appliance device; receive a first command to create a Module with a placeholder for a precomputed data (PCD) asset for a target device; in response to the first command, generate the Module with the placeholder for the PCD asset for the target device; deploy the Module with the placeholder in the CM system, wherein the processor, to deploy the Module with the placeholder, is to store the Module with placeholder in the removable storage device to transfer the Module with the placeholder to the Service device, wherein the Service device is configured to distribute the Module with the placeholder over a network to the Appliance device; receive a second command to generate the PCD asset for a target device, wherein the PCD asset is unique for the target device; in response to the second command, generate the PCD asset and package the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device; and deploy the packaged PCD asset in the CM system for identification and tracking of the target device, wherein the processor, to deploy the packaged PCD asset, is to store the packaged PCD asset in an authorization file in the removable storage device to transfer the PCD asset to the Service device of the CM system, wherein the authorization file is separate from the Module stored in the removable storage device, wherein the Service device is configured to distribute the PCD asset over the network to the Appliance device of the CM system, wherein the PCD asset is input into the Module at the Appliance device, wherein the Module is an application that, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision the PCD asset to the target device in an operation phase of a manufacturing lifecycle of the target device. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
Specification