System, devices and/or processes for delegation of cryptographic control of firmware authorization management
US-2022058270-A1 · Feb 24, 2022 · US
US12506618B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12506618-B2 |
| Application number | US-202318497000-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 30, 2023 |
| Priority date | Dec 14, 2022 |
| Publication date | Dec 23, 2025 |
| Grant date | Dec 23, 2025 |
Official abstract text for this publication.
In one embodiment, a device includes a memory to store a first public key indicating security ownership of the device by a first owner, an interface to receive a signature of an intermediate public key signed by a first owner signing service with a first private key, and processing circuitry to load the intermediate public key in the memory, responsively to authenticating the signature, and remove the first public key from the memory, and wherein the interface is to receive a second public key and a signature of the second public key signed by a second owner signing service with an intermediate private key, the processing circuitry is to load a second public key in the memory indicating ownership has been transferred to the second owner responsively to authenticating the signature of the second public key with the intermediate public key, and remove the intermediate public key from the memory.
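The two-step key handover described in the abstract, modelled as an added example (not code from the patent or its assignee). Ed25519, the names `Device`, `LoadKey`, `Owns` and `Handover`, and the generated keys are assumptions made for illustration; the signed device list of claim 13 is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrUnauthenticated = errors.New("key not signed by the currently loaded key")

// Device models the single owner-key slot of claim 1 (names and Ed25519 are assumptions).
type Device struct{ owner ed25519.PublicKey }

// LoadKey overwrites the slot only if sig verifies under the loaded key
// (claims 2, 3 and 7). The signed device list of claim 13 is omitted.
func (d *Device) LoadKey(newKey ed25519.PublicKey, sig []byte) error {
	if len(newKey) != ed25519.PublicKeySize || !ed25519.Verify(d.owner, newKey, sig) {
		return ErrUnauthenticated
	}
	d.owner = append(ed25519.PublicKey(nil), newKey...)
	return nil
}

func (d *Device) Owns(pub ed25519.PublicKey) bool { return d.owner.Equal(pub) }
func newPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Handover runs both steps with constructed keys, then replays step 1.
func Handover() (d *Device, first, second ed25519.PublicKey, errs [3]error) {
	first, firstPriv := newPair()
	interPub, interPriv := newPair()
	second, _ = newPair()
	d = &Device{owner: first}
	sig1 := ed25519.Sign(firstPriv, interPub)                    // first owner signing service
	errs[0] = d.LoadKey(interPub, sig1)                          // step 1: intermediate key loaded
	errs[1] = d.LoadKey(second, ed25519.Sign(interPriv, second)) // step 2: second owner key loaded
	errs[2] = d.LoadKey(interPub, sig1)                          // replay of step 1 after handover
	return
}

func main() {
	d, first, second, errs := Handover()
	fmt.Println(d.Owns(first), d.Owns(second), errs)
}
```

Because the slot holds one key at a time, the first owner's signature stops being accepted as soon as step 1 completes, which is why the replayed step 1 message is rejected after the handover.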
Opening claim text (preview).
What is claimed is:

1. A system comprising a device including: a memory to store a first public key indicating security ownership of the device by a first owner; an interface to receive a signature of an intermediate public key signed by a first owner signing service with a first private key, which forms a first key pair with the first public key; and processing circuitry to: load the intermediate public key in the memory in preparation for transferring ownership of the device from the first owner, responsively to authenticating the signature of the intermediate public key with the first public key; and remove the first public key from the memory; and wherein: the interface is to receive a second public key and a signature of the second public key signed by a second owner signing service with an intermediate private key, which forms an intermediate key pair with the intermediate public key, the second public key and a second private key forming a second key pair; the processing circuitry is to load the second public key in the memory indicating ownership of the device has been transferred to the second owner responsively to authenticating the signature of the second public key with the intermediate public key; and the processing circuitry is to remove the intermediate public key from the memory.
2. The system according to claim 1, wherein the processing circuitry is to overwrite the first public key in the memory with the intermediate public key while loading the intermediate public key in the memory.
3. The system according to claim 1, wherein the processing circuitry is to prevent loading of any public key unauthenticated by a given loaded public key; and allows loading of a public key signed by a given private key paired with the given loaded public key.
4. The system according to claim 1, wherein the processing circuitry is to purge firmware and certificates signed by the first private key from the memory.
5. The system according to claim 1, further comprising the first owner signing service to sign the intermediate public key with the first private key.
6. The system according to claim 1, further comprising the second owner signing service to: generate the second key pair; sign the second public key with the intermediate private key; and provide the second public key and the signature of the second public key to the device.
7. The system according to claim 1, wherein the processing circuitry is to overwrite the intermediate public key in the memory with the second public key while loading the second public key in the memory.
8. The system according to claim 1, wherein: the interface is to receive a certificate container signed with the second private key; and the processing circuitry is to load a certificate associated with the signed certificate container in the memory.
9. The system according to claim 1, wherein: the interface is to receive a signature of the firmware; and the processing circuitry is to store the firmware in the memory or execute the firmware, responsively to authenticating the signature of firmware with a public key of a leaf certificate in a certificate chain with a root certificate of the second owner.
10. The system according to claim 1, further comprising a measuring device to: perform measurements on the device after transferring the ownership of the device; and compare the measurements performed after transferring ownership of the device to measurements performed before transferring ownership of the device to confirm that the device has not been tampered with.
11. The system according to claim 1, wherein the processing circuitry is to: perform first measurements of the device before transferring the ownership of the device; sign the first measurements; provide a first report of the signed first measurements to the second owner signing service; perform second measurements of the device after transferring the ownership of the device; sign the second measurements; and provide a second report of the signed second measurements to the second owner signing service.
12. The system according to claim 11, wherein the second owner signing service is to compare the first report to the second report to confirm that the device has not been tampered with.
13. The system according to claim 1, wherein: the interface is to receive the signature of the intermediate public key and a device list signed by the first owner signing service with the first private key, the device list including a device identification of the device; and the processing circuitry is to load the intermediate public key in the memory in preparation for transferring ownership of the device from the first owner, responsively to authenticating the signature of the intermediate public key and the device list with the first public key.
14. The system according to claim 13, wherein the device list includes device identifications of multiple devices.
15. A control transfer method, comprising: storing a first public key indicating security ownership of a device by a first owner; receiving a signature of an intermediate public key signed by a first owner signing service with a first private key, which forms a first key pair with the first public key; loading the intermediate public key in a memory of the device in preparation for transferring ownership of the device from the first owner, responsively to authenticating the signature of the intermediate public key with the first public key; removing the first public key from the memory; receiving a second public key and a signature of the second public key signed by a second owner signing service with an intermediate private key, which forms an intermediate key pair with the intermediate public key, the second public key and a second private key forming a second key pair; loading the second public key in the memory indicating ownership of the device has been transferred to the second owner responsively to authenticating the signature of the second public key with the intermediate public key; and removing the intermediate public key from the memory.
16. The method according to claim 15, further comprising preventing loading of any public key unauthenticated by a given loaded public key; and allows loading of a public key signed by a given private key paired with the given loaded public key.
17. The method according to claim 15, further comprising purging firmware and certificates signed by the first private key from the memory.
18. The method according to claim 15, further comprising: receiving a certificate container signed with the second private key; and loading a certificate associated with the signed certificate container in the memory.
19. The method according to claim 15, further comprising: receiving a signature of the firmware; and storing the firmware in the memory or executing the firmware, responsively to authenticating the signature of firmware with a public key of a leaf certificate in a certificate chain with a root certificate of the second owner.
20. The method according to claim 15, further comprising: performing measurements on the device after transferring the ownership of the device; and comparing the measurements performed after transferring ownership of the device to measurements performed before transferring ownership of the device to confirm that the device has not been tampered with.
21. The method according
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
Secure firmware programming, e.g. of basic input output system [BIOS] · CPC title
involving digital signatures · CPC title