Generating and distributing pre-computed data (pcd) assets to a target device
US-2015326540-A1 · Nov 12, 2015 · US
US10897352B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10897352-B2 |
| Application number | US-201615755274-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 15, 2016 |
| Priority date | Dec 16, 2015 |
| Publication date | Jan 19, 2021 |
| Grant date | Jan 19, 2021 |
Official abstract text for this publication.
A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to affect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.
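The derivation described in the abstract, modelled in software as an added example (not code from the patent or its assignee). The publication does not name the lifecycle value generating process, the one-way function or the amalgamation step, so the AND-NOT mapping, HMAC-SHA256, the SHA-256 combiner, the class names and the secret value are all assumptions chosen for illustration.

```python
import hashlib
import hmac


class OtpRegister:
    """One-time programmable bits: each bit can change once, 0 -> 1."""

    def __init__(self, width=8):
        self.width, self.value = width, 0

    def burn(self, bit):
        if not 0 <= bit < self.width:
            raise ValueError("no such bit")
        if (self.value >> bit) & 1:
            raise RuntimeError("OTP bit already programmed")
        self.value |= 1 << bit


class KeyDeriver:
    def __init__(self, secret, n_keys=2):
        self._secret = secret             # constructed stand-in for the hardware-only secret
        self.advance = OtpRegister()      # first register: lifecycle event changes scrambling
        self.rollback = OtpRegister()     # second register: undoes that change
        self.personality = OtpRegister()  # third register: permanent change
        self.n_keys = n_keys

    def lifecycle_value(self):
        # Assumed process: a set rollback bit cancels the matching advance bit.
        return self.advance.value & ~self.rollback.value

    def key_splits(self):
        # Assumed one-way function: HMAC-SHA256 keyed with the secret.
        state = bytes([self.personality.value, self.lifecycle_value()])
        return [hmac.new(self._secret, bytes([i]) + state, hashlib.sha256).digest()
                for i in range(self.n_keys)]

    def keys(self):
        # Assumed amalgamation: hash all splits together under a per-key label.
        joined = b"".join(self.key_splits())
        return [hashlib.sha256(b"key%d" % i + joined).digest()
                for i in range(self.n_keys)]


def demo():
    dev = KeyDeriver(b"constructed-secret")
    seen = {"initial": dev.keys()}
    for name, reg in (("advanced", dev.advance), ("rolled_back", dev.rollback),
                      ("personalized", dev.personality)):
        reg.burn(0)
        seen[name] = dev.keys()
    return seen
```

In this model, burning an advance bit rotates every derived key, burning the matching rollback bit restores the earlier keys, and a personality bit has no counterpart that can restore them.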
Opening claim text (preview).
What is claimed is:
1. An integrated circuit, comprising: circuitry to provide a secret key value, the secret key value not accessible to software controlling the integrated circuit; one-time programmable memory bits, each one-time programmable memory bit being limited to one change in value from a respective initial value, the one-time programmable memory bits including lifecycle advance bits stored by a first subset of the one-time programmable memory bits, lifecycle rollback bits stored by a second subset of the one-time programmable memory bits, and personality bits stored by a third subset of the one-time programmable memory bits; lifecycle value generating circuitry configured to, using a lifecycle value generating process, generate lifecycle values from lifecycle advance values stored by the lifecycle advance bits and lifecycle rollback values stored by the lifecycle rollback bits; one-way function circuitry to, using a one-way processing function, generate key split values based on personality bit values, lifecycle values, and the secret key value; and, key amalgamation circuitry to generate, based on the key split values, a plurality of encryption key values.
2. The integrated circuit of claim 1, wherein changing a lifecycle advance bit value stored by the first subset of the one-time programmable memory bits without changing a lifecycle rollback bit value stored by the second subset of the one-time programmable memory bits changes the plurality of encryption key values generated by key amalgamation circuitry.
3. The integrated circuit of claim 2, wherein changing a lifecycle advance bit value stored by the first subset of the one-time programmable memory bits and changing a corresponding lifecycle rollback bit value stored by the second subset of the one-time programmable memory bits does not change the plurality of encryption key values generated by the key amalgamation circuitry.
4. The integrated circuit of claim 2, wherein a first set of lifecycle advance bit values and a corresponding first set of lifecycle rollback bit values result in a first set of encryption key values being produced by the key amalgamation circuitry.
5. The integrated circuit of claim 4, wherein a second set of lifecycle advance bit values and a corresponding second set of lifecycle rollback bit values result in a second set of encryption key values being produced by the key amalgamation circuitry that are not in the first set of encryption key values.
6. The integrated circuit of claim 1, wherein changing any personality bit value stored by the third subset of the one-time programmable memory bits changes the plurality of encryption key values generated by key amalgamation circuitry.
7. The integrated circuit of claim 6, wherein a value of respective lifecycle rollback bits negate the effect of corresponding lifecycle advance bits on the encryption key values produced by the key amalgamation circuitry.
8. A computer-readable medium storing a representation of a circuit component comprising: circuitry to provide a secret key value, the secret key value not accessible to software controlling the integrated circuit; one-time programmable memory bits, each one-time programmable memory bit being limited to one change in value from a respective initial value, the one-time programmable memory bits to include lifecycle advance bits stored by a first subset of the one-time programmable memory bits, lifecycle rollback bits stored by a second subset of the one-time programmable memory bits, and personality bits stored by a third subset of the one-time programmable memory bits; lifecycle value generating circuitry to, using a lifecycle value generating process, generate lifecycle values from lifecycle advance values stored by the lifecycle advance bits and lifecycle rollback values stored by the lifecycle rollback bits, the lifecycle values to include a first lifecycle state value generated from a first lifecycle advance value and a first lifecycle rollback value; one-way function circuitry to, using a one-way processing function, generate key split values based on personality bit values, lifecycle values, and the secret key value, the key split values to include a first key split value based on the secret key value, a first personality value, and the first lifecycle state value; and, key amalgamation circuitry to generate, based on the key split values, a plurality of encryption key values, the plurality of encryption key values to include a first encryption key generated from the first key split value.
9. The computer-readable medium of claim 8, wherein changing at least a first lifecycle advance bit is to change the first lifecycle advance value stored by the first subset of the one-time programmable memory bits to a second lifecycle advance value, a second lifecycle state value is to be generated from the second lifecycle advance value and the first lifecycle rollback value by the lifecycle value generating circuitry, a second key split value based on the secret key value, the first personality value, and the second lifecycle state value is to be generated by the one-way function circuitry, the second lifecycle state value is to be different from the first lifecycle state value, and the key amalgamation circuitry is to generate, from the second key split value, a second encryption key, where the second encryption key is to be different from the first encryption key as a result of the second lifecycle state value being different from the first lifecycle state value.
10. The computer-readable medium of claim 9, wherein changing at least a first lifecycle rollback bit is to thereby change the first rollback value stored by the second subset of the one-time programmable memory bits to a second lifecycle rollback value, and the first lifecycle state value is to be generated from the second lifecycle advance value and the second lifecycle rollback value.
11. The computer-readable medium of claim 9, wherein the one-way processing function is to generate the first key split value based on the secret key value, the personality value, and the first lifecycle state value as generated from the second lifecycle advance value and the second lifecycle rollback value, and the first encryption key is to be generated from the first key split value that was generated from the first lifecycle state value that was further generated from the second lifecycle advance value and the second lifecycle rollback value.
12. The computer-readable medium of claim 8, wherein changing any personality bit value stored by the third subset of the one-time programmable memory bits changes the plurality of encryption key values generated by key amalgamation circuitry.
13. The computer-readable medium of claim 12, wherein the lifecycle state generating process maps a first plurality of pairs of lifecycle advance values and lifecycle rollback values to the first lifecycle state value.
14. An integrated circuit, comprising: one-time programmable memory bits, each one-time programmable memory bit being limited to one change in value from a respective initial value, the one-time programmable memory bits including lifecycle advance bits stored by a first subset of the one-time programmable memory bits, lifecycle rollback bits stored by a second subset of the one-time programmable memory bits, and personality bits stored by a third subset of the one-time programmable memory bits; lifecycle value generating circuitry configured to, using a lifecycle value generating process, generate lifecycle values from lifecycle advance values stored by the lifecycle advance bits and lifecycle rollback values stor
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067) · CPC title
Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title