Establishing a unique session key using a hardware functionality scan

US 9,436,804 B2
Filed: 09/15/2005
Issued: 09/06/2016
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. One or more computer storage devices having instructions stored thereon that, when executed by a computing device, cause the computing device to perform acts comprising:

in a first instance;

sending a query to a hardware device, the hardware device being one of a plurality of devices associated with a manufacturing model having a common processing signature;

determining an expected result of the query, the expected result reflecting the common processing signature associated with the manufacturing model of the hardware device;

creating, on a processing unit of the computing device, a first session key based on the expected result of the query; and

using the first session key to encrypt or decrypt at least one communication with the hardware device,wherein the hardware device creates a second session key based on the query by passing an actual result of the query through a function to create the second session key, the second session key being usable to encrypt or decrypt the at least one communication, andwherein creating the first session key includes passing the expected result of the query through the function used by the hardware device to create the second session key; and

in a second instance;

performing the sending, the determining, and the creating again with a different query to obtain a different expected result and a different session key, andusing the different session key to encrypt or decrypt at least one other communication with the hardware device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for independently generating a unique private session key at one or more hardware devices within a computing system using a subset of the functionality implemented in a hardware functionality scan combined with the use of a one-way mathematical function.

823 Citations

20 Claims

1. One or more computer storage devices having instructions stored thereon that, when executed by a computing device, cause the computing device to perform acts comprising:
- in a first instance;
  
  sending a query to a hardware device, the hardware device being one of a plurality of devices associated with a manufacturing model having a common processing signature;
  
  determining an expected result of the query, the expected result reflecting the common processing signature associated with the manufacturing model of the hardware device;
  
  creating, on a processing unit of the computing device, a first session key based on the expected result of the query; and
  
  using the first session key to encrypt or decrypt at least one communication with the hardware device,wherein the hardware device creates a second session key based on the query by passing an actual result of the query through a function to create the second session key, the second session key being usable to encrypt or decrypt the at least one communication, andwherein creating the first session key includes passing the expected result of the query through the function used by the hardware device to create the second session key; and
  
  in a second instance;
  
  performing the sending, the determining, and the creating again with a different query to obtain a different expected result and a different session key, andusing the different session key to encrypt or decrypt at least one other communication with the hardware device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The one or more computer storage devices of claim 1, wherein the expected result and the different expected result are stored in a table.
  - 3. The one or more computer storage devices of claim 2, wherein the query and the different query are chosen at random from the table.
  - 4. The one or more computer storage devices of claim 2, wherein the table is obfuscated.
  - 5. The one or more computer storage devices of claim 1, wherein the expected result and the different expected result are generated using software emulation of the hardware device.
  - 6. The one or more computer storage devices of claim 5, the acts further comprising:
    - passing a seed to the software emulation of the hardware device to obtain the expected result, andpassing a different seed to the software emulation of the hardware device to obtain the different expected result.
  - 7. The one or more computer storage devices of claim 5, wherein the software emulation of the hardware device is obfuscated.
  - 8. The one or more computer storage devices of claim 1, the acts further comprising performing the sending, the determining, the creating, and the using each time the hardware device is started.
  - 9. The one or more computer storage devices of claim 1, wherein the second instance occurs when the first session key becomes publicly known.
  - 10. The one or more computer storage devices of claim 1, wherein the function is a one way function.
  - 11. The one or more computer storage devices of claim 10, wherein the one way function is a cryptographic hash function.

12. A system, comprising:
- a processing unit;
  
  a hardware device configured to perform graphical rendering or audio decoding of data, wherein the graphical rendering or the audio decoding comprises characteristics particular to the hardware device; and
  
  a hardware device driver configured to execute on the processing unit to provide access to the hardware device, the hardware device being coupled to the processing unit via a bus, the hardware device driver further configured to;
  
  provide a query to the hardware device;
  
  determine an expected result of the query, the expected result having characteristics that are expected to be consistent with the characteristics particular to the hardware device; and
  
  execute a first one way function to generate a first session key based on the expected result of the query;
  
  the hardware device being further configured to;
  
  receive the query;
  
  generate an actual result of the query, the actual result having the characteristics particular to the hardware device; and
  
  pass the actual result to a second one way function to generate a second session key,wherein the first session key and the second session key are usable together to encrypt or decrypt the data, provided the characteristics of the expected result determined by the hardware device driver are consistent with the characteristics of the actual result generated by the hardware device.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12, the hardware device comprising non-volatile storage configured to store the second session key.
  - 14. The system of claim 12, wherein the hardware device driver executes in a trusted location.
  - 15. The system of claim 12, further comprising instructions that, when executed by the processing unit, configure the processing unit to revoke and renew the hardware device driver in an instance when the query becomes publicly known.
  - 16. The system of claim 12, wherein the one way function and the second one way function comprise the same one way function.
  - 17. The system of claim 12, wherein the first session key and the second session key are identical.
  - 18. The system of claim 12, further comprising instructions that, when executed by the processing unit, configure the processing unit to:
    - create additional private encryption keys based on the first session key and the second session key; and
      
      use the additional private encryption keys to directly encrypt or decrypt the data.

19. A method comprising:
- sending a query to a hardware device, the hardware device being configured to perform processing for digital to analog conversion of data, the processing having characteristics particular to the hardware device;
  
  identifying a known result of the query, the known result being consistent with the processing characteristics particular to the hardware device;
  
  creating a first session key based on the known result of the query; and
  
  using the first session key to encrypt or decrypt at least one communication with the hardware device,wherein the hardware device creates a second session key based on the query by passing the second session key through a one-way function to obtain the second session key, the second session key being usable to encrypt or decrypt the at least one communication, andwherein creating the first session key includes passing the known result of the query through the one-way function used by the hardware device to create the second session key.
- View Dependent Claims (20)
- - 20. The method according to claim 19, wherein the hardware device is a graphics device and the processing comprises graphics processing, or the hardware device is an audio codec chip and the processing comprises audio processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Marsh, David J.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US11/227,045
Publication Number

US 20070058807A1
Time in Patent Office

4,009 Days
Field of Search

380/44, 713/171, 726/34
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 2221/2129   Authenticate client device ...

H04L 2209/60   Digital content management,...

H04L 9/0866   involving user or device id...

Establishing a unique session key using a hardware functionality scan

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

823 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing a unique session key using a hardware functionality scan

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

823 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links