A method of replacing a current key in a security element and corresponding security element
US-2024154804-A1 · May 9, 2024 · US
Secure key storage using physically unclonable functions
US9544141B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9544141-B2 |
| Application number | US-201113996544-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 29, 2011 |
| Priority date | Dec 29, 2011 |
| Publication date | Jan 10, 2017 |
| Grant date | Jan 10, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor.
First claim
Opening claim text (preview).
The invention claimed is: 1. A processor comprising: at least one interconnect; a first circuit, coupled to the at least one interconnect, to generate a hardware key based on at least one unique physical characteristic of the processor; nonvolatile memory, coupled to the first circuit by the at least one interconnect, to store an encrypted key, the encrypted key stored in the nonvolatile memory being a first key received from a tester circuit external to the processor and encrypted using the hardware key; a second circuit connected to the nonvolatile memory and the first circuit by the at least one interconnect, the second circuit to decrypt the encrypted key stored in the nonvolatile memory with at least the hardware key to provide a decrypted key and generate a validation indicator based on the decrypted key; and fixed logic circuitry coupled to the first circuit and the second circuit by the at least one interconnect, the fixed logic circuitry to compare the validation indicator to the first key to generate a validator indicating whether the decrypted key is valid and provide the validator to the tester circuit external to the processor, the tester circuit to validate the encrypted key using the validator. 2. A processor as recited in claim 1 , wherein the hardware key is unique to the processor due to manufacturing variations resulting from integrated circuit fabrication of the processor. 3. A processor as recited in claim 1 , wherein the second circuit is only a decryption component. 4. A processor as recited in claim 1 , wherein the nonvolatile memory includes a one-time only programmable memory. 5. A processor as recited in claim 4 , wherein the nonvolatile memory includes at least one fuse. 6. A processor as recited in claim 4 , wherein the nonvolatile memory includes at least one anti-fuse. 7. A processor as recited in claim 1 , wherein the second circuit is includes a decryption component and an encryption component. 8. A processor as recited in claim 1 , further comprising: at least one contact; and second fixed logic circuitry to provide, at a first time, a communication path between the at least one contact and at least one of the non-volatile memory, the first circuit, and the second circuit, and wherein at a second time, which is later than the first time, the second fixed logic circuitry permanently disables the communication path. 9. A processor as recited in claim 1 , wherein during manufacture of the processor at a first time, the first circuit generates the hardware key, in response to a challenge from an external device, for the second circuit and for the external device, wherein the external device employs the hardware key to encrypt the first key, stores the encrypted first key into the nonvolatile memory, and reads the encrypted first key from the nonvolatile memory, wherein during the manufacture of the processor at a second time that is after the first time, the processor receives control signals that permanently isolate at least one of the nonvolatile memory, the first circuit, and the second circuit from all devices that are external to the processor. 10. A processor as recited in claim 1 , wherein during manufacture of the processor at a first time, the first circuit generates the hardware key, in response to a challenge from an external device, for the second circuit and for the fixed logic circuitry. 11. A processor as recited in claim 10 , wherein the processor is manufactured such that the nonvolatile memory is never readable nor writable by a device that is external to the processor. 12. A processor as recited in claim 10 , wherein during the manufacture of the processor at a second time that is after the first time, the processor receives control signals that permanently isolate at least one of the nonvolatile memory, the first circuit, and the second circuit from all devices that are external to the processor. 13. A system comprising: at least one processor comprising: at least one interconnect; a first circuit, coupled to the at least one interconnect, to generate a hardware key based on at least one unique physical characteristic of the processor; nonvolatile memory, coupled to the first circuit by the at least one interconnect, to store an encrypted key, the encrypted key stored in the nonvolatile memory being a first key received from a tester circuit external to the at least one processor and encrypted using the hardware key; a second circuit connected to the nonvolatile memory and the first circuit by the at least one interconnect, the second circuit to decrypt the encrypted key stored in the nonvolatile memory with at least the hardware key to provide a decrypted key and generate a validation indicator based on the decrypted key; and fixed logic circuitry coupled to the first circuit and the second circuit by the at least one interconnect, the fixed logic circuitry to compare the validation indicator to the first key to generate a validator indicating whether the decrypted key is valid and provide the validator to the tester circuit external to the at least one processor, the tester circuit to validate the encrypted key using the validator. 14. A system as recited in claim 13 , further comprising: a key provisioning component to encrypt a reference key with the hardware key and to provide the encrypted reference key to the at least one processor, wherein the reference key is the first key. 15. A system as recited in claim 14 , wherein the key provisioning component validates the encrypted first key stored in the nonvolatile memory by: retrieving the encrypted first key from the nonvolatile memory, decrypting the retrieved encrypted first key with at least the hardware key to reveal the first key, comparing the revealed first key with the reference key, and detecting that the revealed first key and the reference key match based at least on the comparison of the revealed first key and the reference key. 16. A system as recited in claim 13 , further comprising: a key provisioning component to provide the first key and control signals to the at least one processor, wherein the first circuit of the at least one processor generates the hardware key in response to the control signals, wherein in response to the control signals, the second circuit encrypts the first key with the hardware key and stores the encrypted first key in the nonvolatile memory.
Assignees
Inventors
Classifications
Details relating to cryptographic hardware or logic circuitry · CPC title
- H04L9/0891Primary
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9544141B2 cover?
- Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encryp…
- Who is the assignee on this patent?
- Li Jiangtao, Rajan Anand, Maes Roel, and 4 more
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0891. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 10 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).