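Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0227045 (2005-09-15) |
Registration number | US-9436804 (2016-09-06) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 0; Patents cited: 473 |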
Systems and methods for independently generating a unique private session key at one or more hardware devices within a computing system using a subset of the functionality implemented in a hardware functionality scan combined with the use of a one-way mathematical function.
1. One or more computer storage devices having instructions stored thereon that, when executed by a computing device, cause the computing device to perform acts comprising: in a first instance: sending a query to a hardware device, the hardware device being one of a plurality of devices associated with a manufacturing model having a common processing signature; determining an expected result of the query, the expected result reflecting the common processing signature associated with the manufacturing model of the hardware device; creating, on a processing unit of the computing device, a first session key based on the expected result of the query; and using the first session key to encrypt or decrypt at least one communication with the hardware device, wherein the hardware device creates a second session key based on the query by passing an actual result of the query through a function to create the second session key, the second session key being usable to encrypt or decrypt the at least one communication, and wherein creating the first session key includes passing the expected result of the query through the function used by the hardware device to create the second session key; and in a second instance: performing the sending, the determining, and the creating again with a different query to obtain a different expected result and a different session key, and using the different session key to encrypt or decrypt at least one other communication with the hardware device.

2. The one or more computer storage devices of claim 1, wherein the expected result and the different expected result are stored in a table.

3. The one or more computer storage devices of claim 2, wherein the query and the different query are chosen at random from the table.

4. The one or more computer storage devices of claim 2, wherein the table is obfuscated.

5. The one or more computer storage devices of claim 1, wherein the expected result and the different expected result are generated using software emulation of the hardware device.

6. The one or more computer storage devices of claim 5, the acts further comprising: passing a seed to the software emulation of the hardware device to obtain the expected result, and passing a different seed to the software emulation of the hardware device to obtain the different expected result.

7. The one or more computer storage devices of claim 5, wherein the software emulation of the hardware device is obfuscated.

8. The one or more computer storage devices of claim 1, the acts further comprising performing the sending, the determining, the creating, and the using each time the hardware device is started.

9. The one or more computer storage devices of claim 1, wherein the second instance occurs when the first session key becomes publicly known.

10. The one or more computer storage devices of claim 1, wherein the function is a one way function.

11. The one or more computer storage devices of claim 10, wherein the one way function is a cryptographic hash function.

12. A system, comprising: a processing unit; a hardware device configured to perform graphical rendering or audio decoding of data, wherein the graphical rendering or the audio decoding comprises characteristics particular to the hardware device; and a hardware device driver configured to execute on the processing unit to provide access to the hardware device, the hardware device being coupled to the processing unit via a bus, the hardware device driver further configured to: provide a query to the hardware device; determine an expected result of the query, the expected result having characteristics that are expected to be consistent with the characteristics particular to the hardware device; and execute a first one way function to generate a first session key based on the expected result of the query; the hardware device being further configured to: receive the query; generate an actual result of the query, the actual result having the characteristics particular to the hardware device; and pass the actual result to a second one way function to generate a second session key, wherein the first session key and the second session key are usable together to encrypt or decrypt the data, provided the characteristics of the expected result determined by the hardware device driver are consistent with the characteristics of the actual result generated by the hardware device.

13. The system of claim 12, the hardware device comprising non-volatile storage configured to store the second session key.

14. The system of claim 12, wherein the hardware device driver executes in a trusted location.

15. The system of claim 12, further comprising instructions that, when executed by the processing unit, configure the processing unit to revoke and renew the hardware device driver in an instance when the query becomes publicly known.

16. The system of claim 12, wherein the one way function and the second one way function comprise the same one way function.

17. The system of claim 12, wherein the first session key and the second session key are identical.

18. The system of claim 12, further comprising instructions that, when executed by the processing unit, configure the processing unit to: create additional private encryption keys based on the first session key and the second session key; and use the additional private encryption keys to directly encrypt or decrypt the data.

19. A method comprising: sending a query to a hardware device, the hardware device being configured to perform processing for digital to analog conversion of data, the processing having characteristics particular to the hardware device; identifying a known result of the query, the known result being consistent with the processing characteristics particular to the hardware device; creating a first session key based on the known result of the query; and using the first session key to encrypt or decrypt at least one communication with the hardware device, wherein the hardware device creates a second session key based on the query by passing the second session key through a one-way function to obtain the second session key, the second session key being usable to encrypt or decrypt the at least one communication, and wherein creating the first session key includes passing the known result of the query through the one-way function used by the hardware device to create the second session key.

20. The method according to claim 19, wherein the hardware device is a graphics device and the processing comprises graphics processing, or the hardware device is an audio codec chip and the processing comprises audio processing.
Copyright KISTI. All Rights Reserved.