Programming on-chip non-volatile memory in a secure processor using a sequence number
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-009/32
G06F-021/73
출원번호
US-0576356
(2009-10-09)
등록번호
US-8856513
(2014-10-07)
발명자
/ 주소
Srinivasan, Pramila
Princen, John
출원인 / 주소
Acer Cloud Technology, Inc.
대리인 / 주소
Sheppard, Mullin, Richter & Hampton LLP
인용정보
피인용 횟수 :
3인용 특허 :
137
초록▼
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
대표청구항▼
1. A device comprising: on-chip non-volatile (NV) memory including: a secret seed random number;on-chip writable memory including: a stored sequence number;a means for receiving a request for a device certificate;a means for initializing a state variable in the on-chip writable memory to an initial
1. A device comprising: on-chip non-volatile (NV) memory including: a secret seed random number;on-chip writable memory including: a stored sequence number;a means for receiving a request for a device certificate;a means for initializing a state variable in the on-chip writable memory to an initial value in response to a power up event of the device;a means for computing a key as a function of the secret seed random number and the sequence number;a means for incrementing the sequence number;a means for storing the incremented sequence number;a means for generating a first random number as a function of the key and the state variable;a means for incrementing the state variable;a means for creating the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application;a means for executing at least a portion of the secure application, the executing using at least a portion of the protected resources;a means for clearing the state variable from the on-chip writable memory before a power down event of the device. 2. The device of claim 1 further comprising a means for generating a second random number using the key and the incremented state variable. 3. The device of claim 1, wherein the means for computing the key and for generating the first random number is selected from a group consisting of cryptographically strong encryption, decryption, and hash functions. 4. A method comprising: receiving, using a processor, a request for a device certificate;initializing, using the processor, a state variable in on-chip writable memory to an initial value in response to a power up event of a device containing the processor;computing, using the processor, a key as a function of a secret seed random number and a sequence number;incrementing, using the processor, the sequence number;generating, using the processor, a first random number as a function of the key and the state variable;incrementing, using the processor, the state variable;generating, using the processor, a second random number using the key and the incremented state variable;creating, using the processor, the device certificate based on the first random number and the request for the device certificate, the device certificate adapted to provide a security signature for accessing protected resources by a secure application;executing at least a portion of the secure application, the executing using at least a portion of the protected resources;clearing the state variable from the on-chip writable memory before a power down event of the device. 5. The method of claim 4, wherein computing the key comprises executing one or more of: cryptographically strong encryption, decryption, and hash functions. 6. The method of claim 4, wherein generating the first random number comprises executing one or more of: cryptographically strong encryption, decryption, and hash functions. 7. The method of claim 4, wherein the key is one or more of a public key and a private key. 8. The method of claim 4, wherein the secret seed random number is stored on an on-chip non-volatile (NV) memory. 9. The method of claim 4, wherein the sequence number is a stored sequence number included in the on-chip writable memory. 10. A system, comprising: an on-chip non-volatile (NV) memory including a secret seed random number;an on-chip writable memory including a stored sequence number;a client-side interface associated with a registered client;a certificate generation module;wherein, in operation: the client-side interface is configured to receive a request for a device certificate and to transmit a validated device certificate;the certificate generation module is configured to: initialize a state variable in the on-chip writable memory to an initial value in response to a power up event of a device containing the certificate generation module;compute a key as a function of the secret seed random number and the sequence number;increment the sequence number;generate a first random number as a function of the key and the state variable;increment the state variable;create the validated device certificate based on the first random number and the request for the device certificate, the validated device certificate adapted to provide a security signature for accessing protected resources by a secure application, at least a portion of the secure application executed on the system, the execution using at least a portion of the protected resources;clear the state variable from the on-chip writable memory before a power down event of the device. 11. The system of claim 10 wherein, in operation, the certificate generation module is configured to generate a second random number using the key and the incremented state variable. 12. The system of claim 10, wherein computing the key comprises executing one or more of: cryptographically strong encryption, decryption, and hash functions. 13. The system of claim 10, wherein generating the first random number comprises executing one or more of: cryptographically strong encryption, decryption, and hash functions. 14. The system of claim 10, further comprising a server comprising: a certificate database storing a registered device identity corresponding to the registered client;a certificate request module;a server interface communicatively coupled to the client-side interface;a certificate verification module;wherein, in operation: the certificate request module creates the request for the device certificate based on the registered device identity;the server interface transmits the request for the device certificate to the client-side interface and receives the validated device certificate from the client-side interface;the certificate verification module verifies the validated device certificate. 15. The system of claim 14, wherein: the server comprises a pseudo random number (PRN) generator configured to generate a second random number; andthe certificate request module creates the request for the device certificate based on the second random number. 16. The system of claim 10, wherein the key is one or more of a public key and a private key. 17. The device of claim 1, wherein the key is one or more of a public key and a private key. 18. The method of claim 1, wherein the method is executed in response to the power up event of the device. 19. The system of claim 10, wherein, in operation, the request for the device certificate occurs in response to the power up event of the device.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (137)
Hogan, Kenneth; Polucha, Micheal; Pham, Trieu; Vollum, Steve; Johnston, Jessee, Airborne e-mail data transfer protocol.
Knobl,Karl Heinz; Menzenbach,Christof; Eibach,Wolfgang G; Nuttall,Mark Patrick; Phippen,Robert William, Apparatus and method for establishing communication in a computer network.
Boyle John M. (Cranford NJ) Maiwald Eric S. (Southfields NY) Snow David W. (Convent Station NJ), Apparatus and method for providing multi-level security for communication among computers and terminals on a network.
Peterson, Leonard J.; Freedman, Steven J.; Partovi, Hadi; Endres, Raymond E.; D'Souza, David J.; Ellerman, Erik Castedo; Jiggins, Julian P., Client-side system for scheduling delivery of web content and locally managing the web content.
Karolak Dale W. (Ft. Wayne IN) Shirey Carl L. (Ft. Wayne IN) Steiner Wesley D. (Ft. Wayne IN) Rue Robert T. (Ft. Wayne IN), Communications management system architecture.
Acharya, Swarup; Korth, Henry F.; Poosala, Viswanath, Computer implemented method and apparatus for fulfilling a request for information content with a user-selectable version of a file containing that information content.
Hatakeyama, Takahisa; Yoshioka, Makoto; Miyazawa, Yuji, Content usage control system, content usage apparatus, computer readable recording medium with program recorded for computer to execute usage method.
Ikuta Masanao,JPX ; Kambe Tomoaki,JPX ; Takida Satoshi,JPX, Data caching apparatus, data caching method and medium recorded with data caching program in client/server distributed system.
Blatter Harold ; Horlander Thomas Edward ; Bridgewater Kevin Elliott ; Deiss Michael Scott, Decoding system and data format for processing and storing encrypted broadcast, cable or satellite video data.
Downs Edgar ; Gruse George Gregory ; Hurtado Marco M. ; Lehman Christopher T. ; Milsted Kenneth Louis ; Lotspiech Jeffrey B., Electronic content delivery system.
Krajewski ; Jr. Marjan (Acton MA) Chipchak John C. (Dracut MA) Chodorow David A. (Groton MA) Trostle Jonathan T. (Lexington MA) Baldwin Peter T. (Rowley MA), Electronic information network user authentication and authorization system.
Shaw David E. ; Ardai Charles E. ; Marsh Brian D. ; Moraes Mark A. ; Rudolph Dana B. ; Mc Auliffe Jon D., Electronic mail system for displaying advertisement at local computer received from remote system while the local compu.
Traversat Bernard A. ; Saulpaugh Tom ; Schmidt Jeffrey A. ; Slaughter Gregory L. ; Tracey William J. ; Woodward Steve, Generic schema for storing configuration information on a server computer.
Asano, Tomoyuki; Osawa, Yoshitomo, Information transmission system and method, drive device and access method, information recording medium, device and method for producing recording medium.
Ishibashi,Yoshihito; Oishi,Tateo; Matsuyama,Shinako; Asano,Tomoyuki; Muto,Akihiro; Kitahara,Jun, Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method.
Tysen Atticus N. (San Francisco CA) Sidhu Gursharan (Menlo Park CA) Chang C. Victor (Fremont CA) Calamera Pablo (San Jose CA), Message protection mechanism and graphical user interface therefor.
Khan Raheel Ahmed ; Burleson David Brent ; Filion John Thomas ; Cheek Donald Scott, Method and apparatus for a game delivery service including flash memory and a game back-up module.
Christopher H. Stewart ; Svilen B. Pronev ; Darrell J. Starnes, Method and apparatus for efficient storage and retrieval of objects in and from an object storage device.
Lambert Mark L. ; van der Rijn Daniel J. G. ; Kemper David J. ; Verkler Jay L., Method and apparatus for storing and delivering documents on the internet.
Sanjay Agraharam ; Robert Edward Markowitz ; Kenneth H. Rosen ; David Hilton Shur ; Joel A. Winthrop, Method and apparatus to enhance a multicast information stream in a communication network.
Arnold Thomas Andrew ; Pettitt John Philip ; Rendleman ; Jr. Jesse Noel ; Lewis ; Jr. Robert Lincoln, Method and system for delivering digital products electronically.
Fields, Duane Kimbell; Gregg, Thomas Preston; Hassinger, Sebastian Daniel; Hurley, II, William Walter; Kolb, Mark Andrew; Vu, Stacy Braden, Method and system for distributing image-based content on the internet.
Reiter Robert W. ; Solinas Jerome A., Method of elliptic curve cryptographic digital signature generation and verification using reduced base tau expansion in non-adjacent form.
Scott, Mark; Cheng, Anita; Ho, Simon; Irimescu, George; Voineag, Dorel; Wong, William; Yao, Min; Zadeh, Row J., Method, system, and computer program product for providing voice over the internet communication.
Shear, Victor H.; Van Wie, David M.; Weber, Robert P., Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Uesaka Yasushi,JPX ; Yamauchi Kazuhiko,JPX ; Kozuka Masayuki,JPX ; Higaki Nobuo,JPX ; Horiuchi Koichi,JPX ; Haruna Syusuke,JPX, Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor.
Webber Neil F. (Hudson MA) Israel Robert K. (Westford MA) Kenley Gregory (Northborough MA) Taylor Tracy M. (Upton MA) Foster Antony W. (Framingham MA), Network file migration system.
Lin Mengjou, Process scheduling for streaming data through scheduling of disk jobs and network jobs and the relationship of the scheduling between these types of jobs.
Theriault Roger ; Lockhart Thomas Wayne,CAX ; Battin Robert D., Proxy host computer and method for accessing and retrieving information between a browser and a proxy.
Bel,Hendrik Jan; Lokhoff,Gerardus Cornelis Petrus; Breugom,Michel Ronald; Engelen,Dirk Valentinus Rene; Van De Poel,Peter, Receiving device for securely storing a content item, and playback device.
Gidron,Yoad; Holder,Ophir; Teichholtz,Haim; Reich,Benny; Gur Ari,Yaron; Schiller,Michael, Rule-based system and method for managing the provisioning of user applications on limited-resource and/or wireless devices.
Tso Michael Man-Hak ; Jing Jin ; Knauerhase Robert Conrad ; Romrell David Alfred ; Gillespie Daniel Joshua ; Bakshi Bikram Singh ; Sathyanarayan Seshardi, Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object.
Vaitzblit Lev (Concord MA) Ramakrishnan Kadangode K. (Maynard MA) Tzelnic Percy (Concord MA), Scheduling and admission control policy for a continuous media server.
Doherty, Robert J.; Tierney, Peter L.; Arnaoutoglou-Andreou, Marios, System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files.
England,Paul; DeTreville,John D.; Lampson,Butler W., System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party.
Duane Kimbell Fields ; Thomas Preston Gregg ; Sebastian Daniel Hassinger ; William Walter Hurley, System and method for cooperative client/server customization of web pages.
Pasquali Sandro, System and method for providing a dynamic advertising content window within a window based content manifestation environment provided in a browser.
Ford, Daniel A.; Kraft, Reiner; Tewari, Gaurav, System and technique for dynamic information gathering and targeted advertising in a web based model using a live information selection and analysis tool.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M., Systems and methods for secure transaction management and electronic rights protection.
Hall,Edwin J.; Shear,Victor H.; Tomasello,Luke S.; Van Wie,David M.; Weber,Robert P.; Worsencroft,Kim; Xu,Xuejun, Techniques for defining, using and manipulating rights management data structures.
Nakamura Hiroki,JPX ; Kusumi Yuki,JPX ; Oashi Masahiro,JPX ; Shimoji Tatsuya,JPX, Video on demand system with a transmission schedule table in the video server including entries for client identifiers,.
Belknap William R. (San Jose CA) Henley Martha R. (Morgan Hill CA) Falcon ; Jr. Lorenzo (San Jose CA) Frayne Thomas E. (San Jose CA) Luo Mei-Lan (San Jose CA) Saxena Ashok R. (San Jose CA), Video optimized media streamer with cache management.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.