Detection of compromised storage device firmware
US-2021390179-A1 · Dec 16, 2021 · US
US12088695B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12088695-B2 |
| Application number | US-202117558627-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 22, 2021 |
| Priority date | Dec 22, 2021 |
| Publication date | Sep 10, 2024 |
| Grant date | Sep 10, 2024 |
Official abstract text for this publication.
A first semiconductor device includes a processor configured to generate a random number at initial test of a second semiconductor device after fabrication of the second semiconductor device in a supply chain related to the second semiconductor device, and send the generated random number to the second semiconductor device. The processor is further configured to receive a first signature that is signed over the sent random number by the second semiconductor device using a first private key that is stored in the second semiconductor device, among a first private and public key pair, and test the received first signature, using a first public key that is stored in the first semiconductor device, among the first private and public key pair, to determine whether the second semiconductor device is authenticated.
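An added example, not from the patent or its assignee: the abstract's challenge-response check together with the certificate and used-key tests from claims 1 and 3, written in Go. Ed25519, the 32-byte random number, and the names `Verifier`, `AcceptCertificate`, `Challenge`, `Authenticate` and `ErrKeyReuse` are assumptions; the publication names no algorithm or API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrKeyReuse = errors.New("public key already used: possible supply chain breach")

// Verifier models the first semiconductor device (the tester). Ed25519 is an assumption.
type Verifier struct {
	CAPub   ed25519.PublicKey // second public key (certificate authority)
	Used    map[string]bool   // first public keys already seen on other parts, by raw bytes
	trusted ed25519.PublicKey // first public key, stored once its certificate checks out
}

// AcceptCertificate tests the CA signature over the device key, then the used-key list.
func (v *Verifier) AcceptCertificate(devPub ed25519.PublicKey, caSig []byte) error {
	if len(devPub) != ed25519.PublicKeySize || !ed25519.Verify(v.CAPub, devPub, caSig) {
		return errors.New("certificate signature invalid")
	}
	if v.Used[string(devPub)] {
		return ErrKeyReuse
	}
	v.trusted = devPub
	return nil
}

// Challenge returns a fresh random number for the device to sign.
func (v *Verifier) Challenge() (nonce [32]byte, err error) {
	_, err = rand.Read(nonce[:])
	return
}

// Authenticate tests the device's signature over the random number that was sent.
func (v *Verifier) Authenticate(nonce [32]byte, sig []byte) bool {
	return v.trusted != nil && ed25519.Verify(v.trusted, nonce[:], sig)
}

func main() { // constructed sample keys stand in for the CA and the part under test
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	v := &Verifier{CAPub: caPub}
	err := v.AcceptCertificate(devPub, ed25519.Sign(caPriv, devPub))
	nonce, _ := v.Challenge()
	fmt.Println(err, v.Authenticate(nonce, ed25519.Sign(devPriv, nonce[:])))
}
```

A signature over an earlier random number fails `Authenticate`, which is why the claims regenerate the number at each test point and at every power on or reset.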
Opening claim text (preview).
What is claimed is:
1. A first semiconductor device comprising: a processor configured to: generate a random number at initial test of a second semiconductor device after fabrication of the second semiconductor device; send the generated random number to the second semiconductor device; receive a first signature that is signed over the sent random number by the second semiconductor device using a first private key that is stored in the second semiconductor device, among a first private and public key pair; and determine whether the second semiconductor device is authenticated comprising to test the received first signature, using a first public key that is stored in the first semiconductor device, among the first private and public key pair, receive, from the second semiconductor device at the initial test, a certificate comprising a second signature and the first public key, the second signature that is signed over the first public key by a certificate authority server using a second private key, among a second private and public key pair; and test the received second signature, using a second public key, among the second private and public key pair, to determine whether the first public key is authenticated; wherein the processor is further configured to, based on the first public key and based on the received second signature being unlocked by the second public key: determine that the first public key comprised in the certificate is authenticated; and store the first public key for testing the received first signature.
2. The first semiconductor device of claim 1, wherein the processor is further configured to, based on the generated random number and based on the received first signature being unlocked by the first public key, determine that the second semiconductor device is authenticated.
3. The first semiconductor device of claim 1, wherein the processor is further configured to: based on the first public key and based on the received second signature being unlocked by the second public key, test the first public key comprised in the certificate, with one or more used public keys, to determine whether the first public key is used; based on the first public key comprised in the certificate matching at least one among the one or more used public keys, determine that the first public key is used, and report a possible breach of a supply chain; and based on the first public key comprised in the certificate not matching any among the one or more used public keys, determine that the first public key is authenticated, and store the first public key for testing the received first signature.
4. The first semiconductor device of claim 1, wherein the certificate is further received when the first semiconductor device receives the second semiconductor device at a system assembly location prior to system assembly of the first semiconductor device with the second semiconductor device.
5. The first semiconductor device of claim 1, wherein the first private and public key pair is generated at the initial test.
6. The first semiconductor device of claim 1, wherein the random number is further generated when the first semiconductor device receives the second semiconductor device at a system assembly location prior to system assembly of the first semiconductor device with the second semiconductor device.
7. The first semiconductor device of claim 1, wherein the random number is further generated at every power on or reset of the second semiconductor device that is downstream in a supply chain.
8. A method comprising: generating, by a first semiconductor device, a random number at initial test of a second semiconductor device after fabrication of the second semiconductor device; sending, by the first semiconductor device, the generated random number to the second semiconductor device; receiving, by the first semiconductor device, a first signature that is signed over the sent random number by the second semiconductor device using a first private key that is stored in the second semiconductor device, among a first private and public key pair; and determining whether the second semiconductor device is authenticated comprising testing, by the first semiconductor device, the received first signature, using a first public key that is stored in the first semiconductor device, among the first private and public key pair; receiving, by the first semiconductor device, from the second semiconductor device at the initial test, a certificate comprising a second signature and the first public key, the second signature that is signed over the first public key by a certificate authority server using a second private key, among a second private and public key pair; and testing, by the first semiconductor device, the received second signature, using a second public key, among the second private and public key pair, to determine whether the first public key is authenticated; wherein the testing the received second signature comprises, based on the first public key and based on the received second signature being unlocked by the second public key: determining, by the first semiconductor device, that the first public key comprised in the certificate is authenticated; and storing, by the first semiconductor device, the first public key for testing the received first signature.
9. The method of claim 8, wherein the testing the received first signature comprises, based on the generated random number and based on the received first signature being unlocked by the first public key, determining, by the first semiconductor device, that the second semiconductor device is authenticated.
10. The method of claim 8, further comprising, based on the first public key and based on the received second signature being unlocked by the second public key, testing, by the first semiconductor device, the first public key comprised in the certificate, with one or more used public keys, to determine whether the first public key is used, wherein the testing the first public key comprises: based on the first public key comprised in the certificate matching at least one among the one or more used public keys, determining, by the first semiconductor device, that the first public key is used, and reporting, by the first semiconductor device, a possible breach of a supply chain; and based on the first public key comprised in the certificate not matching any among the one or more used public keys, determining, by the first semiconductor device, that the first public key is authenticated, and storing, by the first semiconductor device, the first public key for testing the received first signature.
11. The method of claim 8, wherein the certificate is further received when the first semiconductor device receives the second semiconductor device at a system assembly location prior to system assembly of the first semiconductor device with the second semiconductor device.
12. The method of claim 8, wherein the first private and public key pair is generated at the initial test.
13. The method of claim 8, wherein the random number is further generated when the first semiconductor device receives the second semiconductor device at a system assembly location prior to system assembly of the first semiconductor device with the second semiconductor device.
14. The method of claim 8, wherein the random number is further generated at every power on or reset of the second semiconductor device that is downstream in a supply chain.
15. A non-transitory computer-readable medium comprising instructions, which, if executed by a processor of a first
involving digital signatures · CPC title
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
using an integer algorithm, e.g. using linear congruential method · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title