Secure public key acceleration

US9892267B1 · US · B1

Patent metadata

Publication number: US-9892267-B1
Application number: US-201615372697-A
Country: US
Kind code: B1
Filing date: Dec 8, 2016
Priority date: Sep 26, 2014
Publication date: Feb 13, 2018
Grant date: Feb 13, 2018

Abstract

In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

First claim

What is claimed is:

1. A device comprising: a system on a chip (SOC) including one or more processors wherein at least a first processor of the one or more processors serves as a central processing unit (CPU) of the device, the SOC further including a security circuit coupled to the first processor, wherein the security circuit includes a first key that is inaccessible to instructions executed on the one or more processors; and a biometric sensor coupled to the SOC and configured to sense biometric information for an authorized user of the device, wherein: the security circuit is configured to authenticate the biometric sensor on behalf of the SOC using the first key, wherein the authentication includes verifying that the biometric sensor is present and is the proper circuit to communicate with the SOC; and the SOC is configured to accept biometric information from the biometric sensor subsequent to the security circuit authenticating the biometric sensor using the first key.

2. The device as recited in claim 1, wherein the biometric sensor comprises a fingerprint sensor.

3. The device as recited in claim 1 wherein, responsive to user information input to the biometric sensor, the device is configured to validate the user.

4. The device as recited in claim 3, wherein the device prevents access responsive to a user validation failure.

5. The device as recited in claim 3, wherein the device permits access responsive to a user validation success.

6. The device as recited in claim 5, wherein the device is configured to communicate with a secure element, and wherein the security circuit is configured to confirm an identity of the user to the secure element responsive to the user validation success.

7. The device as recited in claim 6 wherein the secure element is configured to accept the identity of the user based on a trust relationship between the secure element and the security circuit.

8. The device as recited in claim 1 wherein the security circuit is configured to reject interaction with the biometric sensor responsive to a failure to authenticate the biometric sensor.

9. A system comprising: a secure element configured to store user data specific to a user; and a device configured to communicate with the secure element, wherein: the device comprises a security circuit and a biometric sensor; the security circuit includes a first key that is inaccessible to instructions executed in the device; the security circuit is configured to authenticate the biometric sensor on behalf of the device using the first key, wherein the authentication includes verifying that the biometric sensor is present and is the proper circuit to communicate with the SOC; the biometric sensor is configured to sense biometric information for an authorized user of the device; the device is configured to authenticate the user responsive to biometric information from the biometric sensor subsequent to the security circuit authenticating the biometric sensor using the first key; and the device is configured to confirm an identity of the user to the secure element responsive to authenticating the user.

10. The system as recited in claim 9, wherein the biometric sensor comprises a fingerprint sensor.

11. The system as recited in claim 9, wherein the device prevents access by the user responsive to failing to authenticate the user.

12. The system as recited in claim 9, wherein the device permits access by the user to the device responsive to successfully authenticating the user.

13. The system as recited in claim 9 wherein the secure element is configured to accept the identity of the user based on a trust relationship between the secure element and the security circuit.

14. The system as recited in claim 13 wherein the secure element is configured to transmit the user data corresponding to the user to the device responsive to accepting the identity of the user from the device.

15. The system as recited in claim 14 wherein the secure element is configured to perform an action on behalf of the user responsive to accepting the identity of the user from the first device.

16. The system as recited in claim 13 wherein the secure element is configured to store device data specific to the device but not specific to the user, and wherein the secure element is configured to permit the device to access the device data responsive to the trust relationship and independent of confirmation of the identity of the first user.

17. The system as recited in claim 9 wherein the security circuit is configured to reject interaction with the biometric sensor responsive to a failure to authenticate the biometric sensor, and wherein the security circuit is configured not to confirm the identity of the user responsive to the failure.

18. A method comprising: authenticating a biometric sensor in a device by a security circuit in the device based on a first key that is inaccessible to instructions executing in the device, wherein authenticating the biometric sensor includes verifying that the biometric sensor is present and is the proper circuit to communicate with the SOC; accepting biometric information from the biometric sensor in the device responsive to authenticating the biometric sensor; authenticating a user responsive to the biometric information in the device; confirming an identity of the user to a secure element responsive to authenticating the user; accepting the identity of the user by the secure element responsive to a trust relationship between the secure element and the device; and transmitting user data specific to the user from the secure element to the device responsive to accepting the identity of the user.

19. The method as recited in claim 18 further comprising performing an action on behalf of the user on the secure element responsive to accepting the identity of the user.

20. The method as recited in claim 18 further comprising transmitting device data corresponding to the device from the secure element to the device responsive to the trust relationship and independent of accepting the identity.

Assignees

Inventors

Classifications

  • involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

  • G06F21/602 (Primary): Providing cryptographic facilities or services

  • Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

  • Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network H04L63/0861)

  • Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/602. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 13, 2018 (B1). Legal status and post-grant events are not shown on this page.