Creating secure communication channels between processing elements

US9589159B2 · US · B2

Patent metadata
Publication number: US-9589159-B2
Application number: US-49251309-A
Country: US
Kind code: B2
Filing date: Jun 26, 2009
Priority date: Jun 26, 2009
Publication date: Mar 7, 2017
Grant date: Mar 7, 2017

Abstract


Two processing elements in a single platform may communicate securely to allow the platform to take advantage of the certain cryptographic functionality in one processing element. A first processing element, such as a bridge, may use its cryptographic functionality to request a key exchange with a second processing element, such as a graphics engine. Each processing element may include a global key which is common to the two processing elements and a unique key which is unique to each processing element. A key exchange may be established during the boot process the first time the system boots and, failing any hardware change, the same key may be used throughout the lifetime of the two processing elements. Once a secure channel is set up, any application wishing to authenticate a processing element without public-private cryptographic function may perform the authentication with the other processing element which shares a secure channel with the first processing element.

First claim


What is claimed is:

1. A method comprising: enabling a second processor based system including a graphics processing unit to use a cryptographic capability of a first processor based system including a central processing unit for secure communications using said cryptographic capability between an application executed on the central processing unit and the graphics processing unit; establishing a secure communication path between the first and second processor based systems using a non-platform specific key used by any platform and platform specific keys, one platform specific key only used by the first processor based system and the second platform specific key only used by the second processor based system, each of said platform specific keys derived using a value stored in a fuse: performing a cryptographic operation on said first processor based system for said second processor based system to obtain results; and sending the results of said cryptographic operation to said second processor based system over said secure communication path.

2. The method of claim 1 including enabling the graphics processing unit to communicate with a bridge.

3. The method of claim 2 including enabling the playback of secure media content using the bridge having a cryptographic functionality and the graphics processing unit without said cryptographic functionality.

4. The method of claim 1 including using as said non-platform specific key a global key common to said processor based systems.

5. The method of claim 1 including requesting a communication key during a boot process, and providing the communication key during the boot process.

6. The method of claim 5 including securely storing said communication key.

7. The method of claim 6 including checking on each boot to ensure that a stored communication key is valid.

8. The method of claim 1 including deriving a unique session key between the application and one of said processor based systems.

9. The method of claim 8 including sending said unique session key in encrypted form to the other of said processor based systems.

10. A non-transitory computer readable medium storing instructions executed by a computer to perform a sequence comprising: enabling a second processor based system including a graphics processing unit to use a cryptographic capability of a first processor based system including a central processing unit for secure communications using said cryptographic capability between an application executed on the central processing unit and the graphics processing unit; establishing a secure communication path between the first and second processor based systems using a non-platform specific key used by any platform and platform specific keys, one platform specific key only used by the first processor based system and the second platform specific key only used by the second processor based system, each of said platform specific keys derived using a value stored in a fuse: performing a cryptographic operation on said first processor based system for said second processor based system to obtain results; and sending the results of said cryptographic operation to said second processor based system over said secure communication path.

11. The medium of claim 10 further storing instructions to implement the sequence including enabling the graphics processing unit to communicate with a bridge.

12. The medium of claim 11 further storing instructions to implement the sequence including enabling the playback of secure media content using the bridge having a cryptographic functionality and the graphics processing unit without said cryptographic functionality.

13. The medium of claim 10 further storing instructions to implement the sequence including using a unique key value on each of said processor based systems.

14. The medium of claim 13 further storing instructions to implement the sequence including using a global key common to said processor based systems.

15. The medium of claim 10 further storing instructions to implement the sequence including requesting a communication key during a boot process, and providing the communication key during the boot process.

16. The medium of claim 15 further storing instructions to implement the sequence including securely storing said communication key.

17. An apparatus comprising: a first processor based system including a central processing unit and said first processor based system having a cryptographic capability; and a second processor based system, including a graphics processing unit without said cryptographic capability, to use the cryptographic capability of the first processing based system for secure communications between an application executing on said first processor based system, and said second processor based system, to establish a secure communication path between the first and second processor based systems using a non-platform specific key used by any platform and platform specific keys, one platform specific key only used by the first processor based system and the second platform specific key only used by the second processor based system, each of said platform specific keys derived using a value stored in a fuse, to perform a cryptographic operation on said first processor based system for said second processor based system to obtain results and to send the results of said cryptographic operation to said second processor based system over said secure communication path; and a communications interface between said first and second processor based systems, said communications interface to use the cryptographic capability of the first processor based system to enable the application to securely communicate with the second processor based system.

18. The apparatus of claim 17 including a bridge having a cryptographic capability wherein said application enables playback of secure media content using the bridge having the cryptographic functionality and the graphics processing unit without said cryptographic functionality.

Assignees

Inventors

Classifications

  • Digital content management, e.g. content distribution · CPC title

  • G06F21/84 (Primary)

    output devices, e.g. displays or monitors · CPC title

  • involving Diffie-Hellman or related key agreement protocols · CPC title

  • in cryptographic circuits · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Vembu Balaji, Navale Aditya, Sadhasivan Sathyamurthi, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06F21/84. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 7, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).