Control word protection method for conditional access system
US-2018019877-A1 · Jan 18, 2018 · US
Fault tolerant provisioning verification for cryptographic keys
US11728985B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11728985-B2 |
| Application number | US-202117149434-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 14, 2021 |
| Priority date | Jan 14, 2021 |
| Publication date | Aug 15, 2023 |
| Grant date | Aug 15, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present application relates to a method and apparatus for providing fault tolerant provisioning verification for cryptographic keys including receiving, via an interface, a first security key, a second security key, and a first verification data generated in response to the first security key and the second security key, coupling, by a processor, the first security key and the second security key to an electronic controller, receiving, by the processor, a second verification data generated by the electronic controller in response to the first security key and the second security key, and marking, by the processor, the controller as provisioned in response to the first verification data matching the second verification data.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving, via an interface, a first security key, a second security key, and a first verification data generated to using the first security key and the second security key; transmitting, by a processor, the first security key and the second security key to an electronic controller; receiving, by the processor, a second verification data generated by the electronic controller to using the first security key and the second security key; and marking, by the processor, the electronic controller as provisioned in response to the first verification data matching the second verification data. 2. The method of claim 1 , wherein the second security key is provisioned in the electronic controller using the first security key as an authorization key and wherein the second verification data is a message authentication code generated using the second security key. 3. The method of claim 1 , further including retransmitting, by the processor, the first security key and the second security key to the electronic controller in response to the first verification data not matching the second verification data. 4. The method of claim 1 , wherein the first verification data is generated in response to a chaining of a message authentication code of the first security key and a message authentication code of the second security key. 5. The method of claim 1 , wherein the first verification data is a message authentication code of the second security key. 6. The method of claim 1 , further including storing, in a memory, the first security key, the second security key, the first verification data, and a unique identifier associated with the electronic controller. 7. The method of claim 1 , wherein the first security key and the second security key are coupled to the electronic controller in response to receiving a unique identifier and wherein the first security key and the second security key are generated from the unique identifier. 8. The method of claim 1 , further including marking, by the processor, the electronic controller as failed in response to the first verification data not matching the second verification data and a counter exceeding a provisioning attempt limit. 9. The method of claim 1 , wherein the first security key and the second security key are generated in response to a unique identifier of the electronic controller. 10. An apparatus comprising: an interface for receiving a first security key, a second security key, and a first verification data generated using the first security key and the second security key; a microprocessor for transmitting the first security key and the second security key to an electronic controller, for receiving a second verification data generated by the electronic controller using the first security key and the second security key, and for marking the electronic controller as provisioned in response to the first verification data matching the second verification data; and a memory for storing the first security key, the second security key, and the verification data. 11. The apparatus of claim 10 , wherein the wherein the microprocessor is further configured for retransmitting the first security key and the second security key to the electronic controller in response to the first verification data not matching the second verification data. 12. The apparatus of claim 10 , wherein the first verification data is generated in response to a chaining of a message authentication code of the first security key and a message authentication code of the second security key. 13. The apparatus of claim 10 , wherein the first verification data is a message authentication code of the second security key. 14. The apparatus of claim 10 , wherein the memory is further configured for storing a unique identifier associated with the electronic controller. 15. The apparatus of claim 10 , wherein the microprocessor is configured to couple the first security key and the second security key in response to receiving a unique identifier from the electronic controller and wherein the first security key and the second security key are generated in response to the unique identifier. 16. The apparatus of claim 10 , wherein the microprocessor is configured to mark the electronic controller as failed in response to the first verification data not matching the second verification data and a counter exceeding a provisioning attempt limit. 17. The apparatus of claim 10 , wherein the second security key is provisioned in the electronic controller using the first security key as an authorization key and the second verification data is a message authentication code generated using the second security key. 18. The apparatus of claim 10 , wherein the first security key and the second security key are generated from a unique identifier of the electronic controller. 19. An electronic controller provisioning device comprising: a memory configured for storing a first secret key associated with a first customer, a second secret key associated with a second customer and a first verification data generated using the first secret key and the second secret key; and a processor configured to transmit the first secret key and the second secret key to an electronic controller, for receiving a second verification data from the electronic controller generated using the first secret key and the second secret key, and for marking the electronic controller as provisioned in response to the first verification data matching the second verification data. 20. The electronic controller provisioning device of claim 19 , wherein the first secret key and the second secret key are generated in response to a unique identifier of the electronic controller and the first verification data and the second verification data are generated by a chaining of a message authentication code of the first secret key and a message authentication code of the second secret key.
Assignees
Inventors
Classifications
- H04L9/14Primary
using a plurality of keys or algorithms · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11728985B2 cover?
- The present application relates to a method and apparatus for providing fault tolerant provisioning verification for cryptographic keys including receiving, via an interface, a first security key, a second security key, and a first verification data generated in response to the first security key and the second security key, coupling, by a processor, the first security key and the second securi…
- Who is the assignee on this patent?
- Gm Global Tech Operations Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/14. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 15 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).