Apparatus and method for a multi-entity secure software transfer

US 10,798,108 B2
Filed: 11/14/2014
Issued: 10/06/2020
Est. Priority Date: 11/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method for a multi-entity secure software transfer, comprising:

configuring a first communication interface controller at a first hardware entity and a second communication interface controller at a second hardware entity to disallow all external access to the respective first hardware entity and the second hardware entity except a communication link configuration access;

establishing a communication link between the first hardware entity and the second hardware entity subsequent to the configuring;

receiving the secure software at the first hardware entity from the second hardware entity via the communication link;

writing the secure software to a temporary storage at the first hardware entity;

copying the secure software from the temporary storage to a secure storage at the first hardware entity;

retrieving from a non-volatile storage at the first hardware entity a public key; and

authenticating the secure software in the secure storage using the public key.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system embodying the method for a multi-entity secure software transfer are disclosed, the method operating by: configuring a communication interface controller at each trusted hardware entity of a first hardware entity and a second hardware entity to disallow all external access except a communication link configuration access; establishing the communication link between the first hardware entity and the second hardware entity; configuring write access from the second hardware entity to only a first storage at the first hardware entity; and writing the secure software received from the second hardware entity via the communication link to the first storage at the first hardware entity.

Citations

21 Claims

1. A method for a multi-entity secure software transfer, comprising:
- configuring a first communication interface controller at a first hardware entity and a second communication interface controller at a second hardware entity to disallow all external access to the respective first hardware entity and the second hardware entity except a communication link configuration access;
  
  establishing a communication link between the first hardware entity and the second hardware entity subsequent to the configuring;
  
  receiving the secure software at the first hardware entity from the second hardware entity via the communication link;
  
  writing the secure software to a temporary storage at the first hardware entity;
  
  copying the secure software from the temporary storage to a secure storage at the first hardware entity;
  
  retrieving from a non-volatile storage at the first hardware entity a public key; and
  
  authenticating the secure software in the secure storage using the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as claimed in claim 1, further comprising:
    - retrieving from the non-volatile storage an encryption key; and
      
      decrypting the secure software in the secure storage using the encryption key.
  - 3. The method as claimed in claim 1, wherein both the first hardware entity and the second hardware entity are trusted hardware entities.
  - 4. The method as claimed in claim 3, further comprising:
    - programming an authentication key into the non-volatile storage at the first hardware entity and into a non-volatile storage at the second hardware entity by a manufacturer of the hardware entities.
  - 5. The method as claimed in claim 3, further comprising:
    - determining presence of a link key in the non-volatile storage at the first hardware entity; and
      
      establishing the link key and programming the link key into the non-volatile storage at the first hardware entity when the link key is not present.
  - 6. The method as claimed in claim 5, further comprising:
    - retrieving from the non-volatile storage at the first hardware entity the link key; and
      
      encrypting the communication over the communication link by the link key.
  - 7. The method as claimed in claim 5, wherein the establishing the link key comprises:
    - retrieving an authentication key from the non-volatile storage at the first hardware entity;
      
      establishing trust between the first hardware entity and the second hardware entity using the authentication key; and
      
      establishing the link key by a key-exchange algorithm.
  - 8. The method as claimed in claim 3, further comprising:
    - determining presence of a link key in a non-volatile storage at the second hardware entity; and
      
      establishing the link key and programming the link key into the non-volatile storage at the second hardware entity when the link key is not present.
  - 9. The method as claimed in claim 8, further comprising:
    - retrieving from the non-volatile storage at the second hardware entity the link key; and
      
      encrypting the communication over the communication link by the link key.
  - 10. The method as claimed in claim 9, further comprising:
    - configuring the first communication interface controller and the second communication interface controller to increase the level of external access.
  - 11. The method as claimed in claim 8, wherein the establishing the link key comprises:
    - retrieving an authentication key from the non-volatile storage at the second hardware entity;
      
      establishing trust between the first hardware entity and the second hardware entity using the authentication key; and
      
      establishing the link key by a key-exchange algorithm.

12. An apparatus for a multi-entity secure software transfer, comprising:
- a first hardware entity, comprising a first communication interface controller, a first hardware entity secure storage comprising the secure software, and a first hardware entity controller communicatively coupled to the first communication interface controller and the first hardware entity secure storage; and
  
  a second hardware entity, comprising a second communication interface controller, a second hardware entity temporary storage, a second hardware entity secure storage, a second hardware entity non-volatile storage, and a second hardware entity controller communicatively coupled to the second communication interface controller and the second hardware entity temporary storage;
  
  wherein;
  
  the first hardware entity controller and the second hardware entity controller are configured to cause the respective entity'"'"'s communication interface controller to;
  
  disallow all external access to the respective first hardware entity and the second hardware entity except a communication link configuration access and subsequently establish a communication link;
  
  the first hardware entity controller is configured to cause transmission of the secure software over the communication link; and
  
  the second hardware entity controller is further configured to allow write access from the first hardware entity to only the second hardware entity temporary storage, to write to the second hardware entity temporary storage the secure software received over the communication link from the first hardware entity, to copy the secure software from the second hardware entity temporary storage to the second hardware entity secure storage, to retrieve from the second hardware entity non-volatile storage a public key, and to authenticate the secure software in the second hardware entity secure storage using the public key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The apparatus as claimed in claim 12, wherein the second hardware entity controller is further configured to:
    - retrieve from the second hardware entity non-volatile storage an encryption key; and
      
      decrypt the secure software in the second hardware entity secure storage using the encryption key.
  - 14. The apparatus as claimed in claim 12, wherein both the first hardware entity and the second hardware entity are trusted hardware entities.
  - 15. The apparatus as claimed in claim 14, wherein the first hardware entity further comprises:
    - a first hardware entity non-volatile storage;
      
      wherein an authentication key is programmed into the first hardware entity non-volatile storage and the second hardware entity non-volatile storage by a manufacturer of the hardware entities.
  - 16. The apparatus as claimed in claim 14, wherein the first hardware entity controller is further configured to:
    - determine presence of a link key in a first hardware entity non-volatile storage;
      
      establish the link key; and
      
      program the link key into the first hardware entity non-volatile storage when the link key is not present.
  - 17. The apparatus as claimed in claim 16, wherein the first hardware entity controller is further configured to:
    - retrieve from the first hardware entity non-volatile storage the link key;
      
      encrypt the communication over the communication link by the link key; and
      
      configure the first communication interface controller to increase the level of external access.
  - 18. The apparatus as claimed in claim 16, wherein the link key is established by the first hardware entity controller, wherein the first hardware entity controller is further configured to:
    - retrieve an authentication key from the first hardware entity non-volatile storage;
      
      establish trust between the first hardware entity and the second hardware entity using the authentication key; and
      
      establish the link key by a key-exchange algorithm.
  - 19. The apparatus as claimed in claim 14, wherein the second hardware entity controller is further configured to:
    - determine presence of a link key in the second hardware entity non-volatile storage;
      
      establish the link key; and
      
      program the link key into the second hardware entity non-volatile storage when the link key is not present.
  - 20. The apparatus as claimed in claim 19, wherein the second hardware entity controller is further configured to:
    - retrieve from the second hardware entity non-volatile storage the link key;
      
      encrypt the communication over the communication link by the link key; and
      
      configure the second communication interface controller to increase the level of external access.
  - 21. The apparatus as claimed in claim 19, wherein the link key is established by the second hardware entity controller, wherein the second hardware entity controller is further configured to:
    - retrieve an authentication key from the second hardware entity non-volatile storage;
      
      establish trust between the first hardware entity and the second hardware entity using the authentication key; and
      
      establish the link key by a key-exchange algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Inventors
Snyder, II, Wilson Parkhurst
Primary Examiner(s)
Davis, Zachary A.

Application Number

US14/542,383
Publication Number

US 20160142386A1
Time in Patent Office

2,153 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/126   the source of the received ...

H04L 67/141   Setup of application sessio...

H04L 67/34   involving the movement of s...

Apparatus and method for a multi-entity secure software transfer

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for a multi-entity secure software transfer

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links