Security device, system, and security method

US10841087B2 · US · B2

Patent metadata
Publication number: US-10841087-B2
Application number: US-201515761318-A
Country: US
Kind code: B2
Filing date: Nov 5, 2015
Priority date: Nov 5, 2015
Publication date: Nov 17, 2020
Grant date: Nov 17, 2020

Abstract

The security device includes: an identifier generation unit to generate an identifier specific to the security device by using a PUF; a PUF key generation unit to generate a PUF key specific to the security device by using the identifier; a reception unit to receive a registration command in which the registration key and a signature generated for the registration key by using a secret key corresponding to the public key are contained; a signature verification unit to verify, using the public key, validity of the signature contained in the registration command received by the reception unit and output the verification result indicating either failure or success in the verification; and a command execution unit to reject execution of the registration command in a case where the verification result outputted from the signature verification unit is failure, and to encrypt the registration key of the registration command with the PUF key and then store the encrypted registration key in the registration key storage unit in a case where the verification result is success.

First claim

The invention claimed is:

1. A security device comprising: a public key storage which is a non-rewritable memory to store a first public key associated with a manufacturer of the security device; an identifier generation circuit to generate an identifier specific to the security device by using a PUF (physical unclonable function); a PUF key generation circuit to generate a PUF key specific to the security device by using the identifier; a registration key storage to store a registration key; a receiver to receive, from a setting device, a registration command in which the registration key has been concatenated with a signature generated for the registration key by using a secret key corresponding to the first public key; a signature verification circuit to verify, using the first public key, validity of the signature and the registration key contained in the registration command received by the receiver and output the verification result indicating either failure or success in the verification; and a command execution circuit to reject, in a case where the verification result outputted from the signature verifier is failure, execution of the registration command; and in a case where the verification result is success, to generate, using the identifier generation circuit, an identifier specific to the security device using a physical unclonable function; generate, using the PUF key generation circuit, a PUF key specific to the security device using the generated identifier; encrypt the registration key received with the registration command with the generated PUF key; and store the encrypted registration key in the registration key storage of the security device.

2. A system for verification of a registration keys for security devices, the system comprising: a setting device comprising a signature generation circuit to generate a signature of a registration key received from a manufacturer of a security device by using a secret key of the manufacturer of the security device, a command generation circuit to generate a registration command in which the generated signature and the registration key are concatenated, and a transmitter to transmit the registration command to a security device; and a security device comprising a public key storage which is a non-rewritable memory to store a first public key associated with a manufacturer of the security device; an identifier generation circuit to generate an identifier specific to the security device by using a PUF (physical unclonable function); a PUF key generation circuit to generate a PUF key specific to the security device by using the identifier; a registration key storage to store a registration key; a receiver to receive, from the setting device, a registration command in which a registration key has been concatenated with a signature generated for the registration key using a secret key corresponding to the first public key; a signature verification circuit to verify, using the first public key, validity of the signature and the registration key contained in the registration command received by the receiver and output the verification result indicating either failure or success in the verification; and a command execution circuit to reject, in a case where the verification result outputted from the signature verifier is failure, execution of the registration command; and in a case where the verification result is success, to generate, using the identifier generation circuit, an identifier specific to the security device using a physical unclonable function; generate, using the PUF key generation circuit, a PUF key specific to the security device using the generated identifier; encrypt the registration key received with the registration command with the generated PUF key; and store the encrypted registration key in the registration key storage of the security device.

3. The system according to claim 2, wherein the command generation circuit in the setter generates a registration command which contains a key identifier indicating a command type to request to register either a second public key or the registration key; the security device further comprises a key information acquisition circuit to notify the signature verification circuit of the command type indicated by the key identification circuit contained in the registration command; and in a case where a verification result of the signature contained in the registration command is success, the signature verification circuit notifies the command execution circuit of the command type indicated by the key identifier, and the command execution circuit encrypts the second public key or the registration key in accordance with the command type and stores the encrypted second public key or the encrypted registration key in the registration key storage.

4. A security method for a security device which includes a first memory being non-rewritable to store a public key associated with a manufacturer of the security device and a second memory being rewritable to store a registration key and which encrypts the registration key to be stored in the second memory, the security method comprising: receiving, from a setting device, a registration command in which the registration key has been concatenated with a signature generated for the registration key using a secret key corresponding to the public key; verifying, using the public key, validity of the signature and the registration key contained in the registration command received and outputting the verification result indicating either failure or success in the verification; rejecting execution of the registration command in a case where the verification result is failure; and in a case where the verification result is a success generating an identifier specific to the security device using a physical unclonable function (PUF), generating a PUF key specific to the security device using the generated identifier, encrypting the registration key received with the registration command with the generated PUF key, and storing the encrypted registration key in the second memory of the security device.
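
The registration flow described in the abstract and claims, as an added Python example that is not code from the patent: the setting device concatenates the registration key with its signature, and the device verifies before wrapping the key under its PUF-derived key. All names are hypothetical. The toy RSA signature, the simulated PUF response, the SHAKE-256 XOR wrap, the 16-byte key size and the read-back method are assumptions chosen so the example runs on the standard library alone.

```python
import hashlib
import hmac

# Assumption: textbook RSA over SHA-256 with two fixed Mersenne primes stands in
# for the unspecified signature scheme so this runs on the standard library.
# It is a toy (no padding, publicly known primes), not a usable scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # manufacturer's secret key (setting device only)
SIG_LEN = (N.bit_length() + 7) // 8
KEY_LEN = 16                        # assumed registration-key size

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def make_registration_command(reg_key: bytes) -> bytes:
    """Setting device: registration key concatenated with its signature."""
    return reg_key + pow(_digest(reg_key), D, N).to_bytes(SIG_LEN, "big")

def _xor_wrap(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real cipher: XOR with a SHAKE-256 keystream (assumption).
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class SecurityDevice:
    PUBLIC_KEY = (N, E)             # models the non-rewritable public key storage

    def __init__(self, puf_response: bytes):
        self._puf_response = puf_response   # simulated, constructed PUF output
        self.registration_store = None      # rewritable registration key storage

    def _puf_key(self) -> bytes:
        identifier = hashlib.sha256(self._puf_response).digest()
        return hmac.new(identifier, b"puf-key", hashlib.sha256).digest()

    def execute(self, command: bytes) -> bool:
        """Verify first; only a validly signed key is wrapped and stored."""
        if len(command) != KEY_LEN + SIG_LEN:
            return False
        reg_key = command[:KEY_LEN]
        sig = int.from_bytes(command[KEY_LEN:], "big")
        n, e = self.PUBLIC_KEY
        if sig >= n or pow(sig, e, n) != _digest(reg_key):
            return False                    # rejected: storage is left untouched
        self.registration_store = _xor_wrap(self._puf_key(), reg_key)
        return True

    def load_registration_key(self) -> bytes:
        # Assumed read-back path (not in the abstract): re-derive the PUF key.
        return _xor_wrap(self._puf_key(), self.registration_store)
```

Two devices given the same signed command end up with different stored blobs, because each wraps the key under its own PUF-derived key; a command whose key or signature has been altered leaves the store empty.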

Assignees

Mitsubishi Electric Corp

Inventors

Classifications

  • H04L9/3278 (Primary): using physically unclonable functions [PUF]

  • with particular housing, physical features or manual controls

  • Key distribution {or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (network architectures or network communication protocols for supporting key management in a packet data network H04L63/06)}

  • Protecting data

  • by creating or determining hardware identification, e.g. serial numbers

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Mitsubishi Electric Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3278. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 17, 2020 (B2). Legal status and post-grant events are not shown on this page.