IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0750128
(2010-03-30)
|
등록번호 |
US-8639915
(2014-01-28)
|
발명자
/ 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
Blakely, Sokoloff, Taylor & Zafman LLP
|
인용정보 |
피인용 횟수 :
0 인용 특허 :
236 |
초록
▼
In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within th
In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within the chip, the chip is sent to a system original equipment manufacturer (OEM) in order to integrate the chip within a system or device. Subsequently, a private key is generated for the chip by a key distribution facility (KDF) according to a key request received from the system OEM. In one embodiment, the KDF is the chip manufacturer. Other embodiments are described and claimed.
대표청구항
▼
1. A method comprising: programming a chip secret key into a manufactured chip;sending the manufactured chip to a system original equipment manufacturer (OEM); andgenerating at least one private key for the manufactured chip in response to a received key update request, wherein generating the at lea
1. A method comprising: programming a chip secret key into a manufactured chip;sending the manufactured chip to a system original equipment manufacturer (OEM); andgenerating at least one private key for the manufactured chip in response to a received key update request, wherein generating the at least one private key comprises:generating cipher text including the at least one private key using an initialization vector (IV) by generating a key vector including the at least one private key; andsending the cipher text to the system OEM including the IV used to form the cipher text; andauthenticating the received key update request, wherein authenticating the received key update request comprises:verifying a digital signature of the system OEM included within the key update request; decrypting the key update request to form a decrypted chip ID if the digital signature of the OEM is verified; verifying that a chip ID of the manufactured chip matches the decrypted chip ID; and disregarding the received key update request if the decrypted chip ID is not verified. 2. The method of claim 1, wherein prior to programming the chip, the method comprises: gathering unique identification (ID) information of the manufactured chip;encrypting the identification information using a first key to form a chip ID for the manufactured chip; andencrypting the chip ID using a second key to form a chip secret key. 3. The method of claim 2, wherein the unique identification information includes a wafer serial number of a wafer from which the chip is formed and an X,Y coordinate location of the manufactured chip within the wafer. 4. The method of claim 1, wherein a key size of the chip secret key is less than a key size of an asymmetric crypto-system private key. 5. The method of claim 1, wherein programming the chip secret key comprises: storing the chip secret key within chip fuses of the manufactured chip; andblowing selected fuses of the manufactured chip to prevent unauthorized access to the chip secret key. 6. The method of claim 1, wherein generating the key vector comprises: encrypting a unique secret value using the chip secret key to form the key vector; removing all revoked keys from the key vector to form a private key vector; andencrypting the private key vector, the chip ID and a digital certificate of the private key vector using the chip secret key and an initialization vector to form the cipher text. 7. The method of claim 1, wherein the key update request is issued by the manufactured chip in response to chip initialization. 8. An article of manufacture including a non-transitory machine readable medium having stored thereon instructions which may be used to program a system to perform a method, comprising: programming a chip secret key into a manufactured chip;sending the manufactured chip to a system original equipment manufacturer (OEM); andgenerating at least one private key for the manufactured chip in response to a received key update request, wherein the key update request is issued by the manufactured chip in response to chip initialization, and further wherein generating the at least one private key comprises:generating cipher text including the at least one private key using an initialization vector (IV); andsending the cipher text to the system OEM including the IV used to form the cipher text; andauthenticating the received key update request, wherein authenticating the received key update request comprises:verifying a digital signature of the system OEM included within the key update request; decrypting the key update request to form a decrypted chip ID if the digital signature of the OEM is verified; verifying that a chip ID of the manufactured chip matches the decrypted chip ID; and disregarding the received key update request if the decrypted chip ID is not verified. 9. The article of manufacture of claim 8, wherein prior to programming the chip, the method comprises: gathering unique identification (ID) information of the manufactured chip;encrypting the identification information using a first key to form a chip ID for the manufactured chip; andencrypting the chip ID using a second key to form the chip secret key. 10. An article of manufacture including a non-transitory computer readable storage medium having stored thereon instructions which may be used to program a system to perform a method, comprising: initializing an integrated chip to generate a key update request using a preprogrammed chip secret key stored within the integrated chip, wherein initializing the integrated chip comprises: providing random cipher text to the integrated chip;requesting the integrated chip to generate the key update request, by: decrypting, by the integrated chip, the random cipher text using the chip secret key to form a random ID, a random key and a random digital certificate; andencrypting, by the integrated chip, the random ID, the chip secret key and a pad value using a public key of the KDF to form the key update request; andattaching a digital signature of the random cipher text to the key update request;transmitting the key update request to a key distribution facility (KDF); andstoring received cipher text including at least one private key from the KDF. 11. The article of manufacture of claim 10, further comprising: providing, during initial boot, the received cipher text to the integrated chip; anddecrypting, by the integrated chip, the received cipher text using the chip secret key to form a chip ID and the at least one private key; andauthenticating, by the integrated chip, with a content protection application to receive protected content. 12. The article of manufacture of claim 10, wherein the method further comprises: providing the received cipher text to the integrated chip, the cipher text including the at least one private key, a key certificate and a chip ID assigned to the integrated chip in encrypted format using the chip secret key;requesting the integrated chip to generate a key update request;encrypting, by the integrated chip, the chip ID, the chip secret key and a random pad value using a public key of the KDF to form a second key update request; andtransmitting the second key update request to the KDF. 13. A method comprising: initializing an integrated chip within a system to generate a key update request using a preprogrammed chip secret key stored within the integrated chip, wherein initializing the integrated chip comprises: providing, during initial boot, random cipher text to the integrated chip;requesting the integrated chip to generate the key update request; anddecrypting, by the integrated chip, the received cipher text using the chip secret key to form a chip ID and the at least one private key; andauthenticating, by the integrated chip, with a content protection application to receive protected contentattaching a digital signature of the random cipher text to the key update request;transmitting the key update request to a key distribution facility (KDF); andstoring received cipher text including at least one private key from the KDF. 14. The method of claim 13, wherein requesting the integrated chip further comprises: decrypting, by the integrated chip, the random cipher text using the chip secret key to form a random ID, a random key and a random digital certificate; andencrypting, by the integrated chip, the random ID, the chip secret key and a pad value using a public key of the KDF to form the key update request. 15. The method of claim 13, wherein storing the received cipher text comprises: receiving an initialization vector (IV) with the received cipher text from the KDF; andsaving the received cipher text and the IV within off-chip persistent storage. 16. The method of claim 13, wherein authenticating further comprises: using, by the integrated chip, a private key digital certificate to authenticate with the content protection application. 17. The method of claim 13, wherein providing further comprises: disabling access to the received cipher text following the initial boot. 18. The method of claim 13, wherein the KDF is a manufacturer of the chip. 19. The method of claim 13, further comprising: providing the received cipher text to the integrated chip, the received cipher text including the at least one private key, a private key digital certificate and a chip ID assigned to the integrated chip in encrypted format using the chip secret key;requesting the chip to generate a key update request;encrypting, by the integrated chip, the chip ID, the chip secret key and a pad value using a public key of the KDF to form a second key update request; andtransmitting the second key update request to the KDF. 20. The method of claim 19, wherein the received cipher text includes a key vector including a series of non-unique private keys.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.