Cryptography chip with identity verification

US 11,023,620 B2
Filed: 09/30/2019
Issued: 06/01/2021
Est. Priority Date: 03/29/2019
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for performing cryptographic operations subject to identity verification, the method comprising:

receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;

decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;

determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and

in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing cryptographic operations subject to identity verification. One of the methods includes receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client including client identity information, wherein the cryptography chip includes a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations, and identity information associated with clients that are permitted to request cryptographic operations; determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations; and performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.

72 Citations

30 Claims

1. A computer-implemented method for performing cryptographic operations subject to identity verification, the method comprising:
- receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
  
  decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
  
  determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
  
  in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer-implemented method of claim 1, wherein the requested cryptographic operation is an encryption operation, a decryption operation, a digital signature verification operation, or a digital signature generation operation.
  - 3. The computer-implemented method of claim 1, wherein the cryptography chip is a field-programmable gate array (FPGA), an application specific integrated circuit (ASIC), or a microprocessor.
  - 4. The computer-implemented method of claim 1, wherein the request includes data, and wherein the cryptography chip performs the requested cryptographic operation on the data.
  - 5. The computer-implemented method of claim 1, wherein the cryptography chip includes an operating system executed by the processing resource to operate a computer system in which the cryptography chip is included.
  - 6. The computer-implemented method of claim 1, wherein the request is a first request, the requested cryptographic operation is a first requested cryptographic operation, the client identity information is first client identity information, the method further comprising:
    - receiving, by the cryptography chip, a second request to perform a second requested cryptographic operation from a second client, wherein the second request includes second client identity information associated with the second client; and
      
      determining, by the cryptography chip, that the second client identity information is not associated with one of the clients that are permitted to request cryptographic operations based on comparing the second client identity information to the decrypted identity information,wherein, in response to determining that the second client identity information is not associated with one of the clients that are permitted to request cryptographic operations, the cryptography chip does not perform the second requested cryptographic operation.
  - 7. The computer-implemented method of claim 1, further comprising:
    - determining, by the cryptography chip, that one or more requests to perform cryptographic operations are malicious based on the requests not including client identity information associated with any one of the clients that are permitted to request cryptographic operations; and
      
      in response to determining that the one or more requests to perform cryptographic operations are malicious, clearing, by the cryptography chip, the encrypted identity information and the key information from the storage resource.
  - 8. The computer-implemented method of claim 1, wherein the cryptography chip is a field-programmable gate array (FPGA), and the method further comprising:
    - receiving, by the cryptography chip, a request to reprogram the cryptography chip including reprogramming information; and
      
      in response to receiving the request, replacing, by the cryptography chip, information stored in the storage resource with the reprogramming information.
  - 9. The computer-implemented method of claim 1, wherein the client identity information comprises biometric information associated with the client.
  - 10. The computer-implemented method of claim 9, wherein the client identity information is received from a biometric device included in the cryptography chip.
  - 11. The computer-implemented method of claim 1, wherein the key included in the software instructions is encrypted, and wherein decrypting, by the cryptography chip, the encrypted identity information comprises:
    - decrypting the encrypted key included in the software instructions.
  - 12. The computer-implemented method of claim 1, wherein the storage resource stores program logic executable by the processing resource to perform the requested cryptographic operation, andwherein the program logic is stored unencrypted.
  - 13. The computer-implemented method of claim 1, wherein the cryptography chip includes a physical interface, and wherein receiving the request to perform the requested cryptographic operation comprises:
    - receiving a selection of a desired cryptographic operation through the interface from the client.
  - 14. The computer-implemented method of claim 13, wherein the client is a user, and wherein receiving the selection of the desired cryptographic operation comprises receiving an input by the user through the physical interface.

15. A non-transitory, computer-readable storage medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
  
  decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
  
  determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
  
  in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The non-transitory, computer-readable storage medium of claim 15, wherein the requested cryptographic operation is an encryption operation, a decryption operation, a digital signature verification operation, or a digital signature generation operation.
  - 17. The non-transitory, computer-readable storage medium of claim 15, wherein the cryptography chip is a field-programmable gate array (FPGA), an application specific integrated circuit (ASIC), or a microprocessor.
  - 18. The non-transitory, computer-readable storage medium of claim 15, wherein the request includes data, and wherein the cryptography chip performs the requested cryptographic operation on the data.
  - 19. The non-transitory, computer-readable storage medium of claim 15, wherein the cryptography chip includes an operating system executed by the processing resource to operate a computer system in which the cryptography chip is included.
  - 20. The non-transitory, computer-readable storage medium of claim 15, wherein the request is a first request, the requested cryptographic operation is a first requested cryptographic operation, the client identity information is first client identity information, and the operations further comprise:
    - receiving a second request to perform a second requested cryptographic operation from a second client, wherein the second request includes second client identity information associated with the second client; and
      
      determining that the second client identity information is not associated with one of the clients that are permitted to request cryptographic operations based on comparing the second client identity information to the decrypted identity information,wherein, in response to determining that the second client identity information is not associated with one of the clients that are permitted to request cryptographic operations not performing the second requested cryptographic operation.
  - 21. The non-transitory, computer-readable storage medium of claim 15, wherein the operations further comprise:
    - determining that one or more requests to perform cryptographic operations are malicious based on the requests not including client identity information associated with any one of the clients that are permitted to request cryptographic operations; and
      
      in response to determining that the one or more requests to perform cryptographic operations are malicious, clearing, the encrypted identity information and the key information from the storage resource.
  - 22. The non-transitory, computer-readable storage medium of claim 15, wherein the storage medium comprises a cryptography chip programmed on a field-programmable gate array (FPGA), and the operations further comprise:
    - receiving, by the cryptography chip, a request to reprogram the cryptography chip including reprogramming information; and
      
      in response to receiving the request, replacing, by the cryptography chip, information stored in the storage resource with the reprogramming information.

23. A computer-implemented system, comprising:
- one or more computers; and
  
  one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising;
  
  receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
  
  decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
  
  determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
  
  in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The system of claim 23, wherein the requested cryptographic operation is an encryption operation, a decryption operation, a digital signature verification operation, or a digital signature generation operation.
  - 25. The system of claim 23, wherein the cryptography chip is a field-programmable gate array (FPGA), an application specific integrated circuit (ASIC), or a microprocessor.
  - 26. The system of claim 23, wherein the request includes data, and wherein the cryptography chip performs the requested cryptographic operation on the data.
  - 27. The system of claim 23, wherein the cryptography chip includes an operating system executed by the processing resource to operate a computer system in which the cryptography chip is included.
  - 28. The system of claim 23, wherein the request is a first request, the requested cryptographic operation is a first requested cryptographic operation, the client identity information is first client identity information, and wherein the operations further comprise:
    - receiving a second request to perform a second requested cryptographic operation from a second client, wherein the second request includes second client identity information associated with the second client; and
      
      determining that the second client identity information is not associated with one of the clients that are permitted to request cryptographic operations based on comparing the second client identity information to the decrypted identity information,wherein, in response to determining that the second client identity information is not associated with one of the clients that are permitted to request cryptographic operations, not performing the second requested cryptographic operation.
  - 29. The system of claim 23, wherein the operations further comprise:
    - determining that one or more requests to perform cryptographic operations are malicious based on the requests not including client identity information associated with any one of the clients that are permitted to request cryptographic operations; and
      
      in response to determining that the one or more requests to perform cryptographic operations are malicious, clearing the encrypted identity information and the key information from the storage resource.
  - 30. The system of claim 23 comprising a cryptography chip programmed on a field-programmable gate array (FPGA), and wherein the operations further comprise:
    - receiving, by the cryptography chip, a request to reprogram the cryptography chip including reprogramming information; and
      
      in response to receiving the request, replacing, by the cryptography chip, information stored in the storage resource with the reprogramming information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Inventors
Feng, Zhiyuan, Li, Yanpeng, Cheng, Long
Primary Examiner(s)
Revak, Christopher A

Application Number

US16/587,901
Publication Number

US 20200311315A1
Time in Patent Office

610 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/70   Protecting specific interna...

G06F 21/72   in cryptographic circuits

G06F 21/76   in application-specific int...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 9/0897   involving additional device...

H04L 9/14   using a plurality of keys o...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Cryptography chip with identity verification

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptography chip with identity verification

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links