CN102013977A - System and method for remote device registration - Google Patents

System and method for remote device registration Download PDF

Info

Publication number
CN102013977A
CN102013977A CN2010106218685A CN201010621868A CN102013977A CN 102013977 A CN102013977 A CN 102013977A CN 2010106218685 A CN2010106218685 A CN 2010106218685A CN 201010621868 A CN201010621868 A CN 201010621868A CN 102013977 A CN102013977 A CN 102013977A
Authority
CN
China
Prior art keywords
server
data
controller
key
sensitive data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010106218685A
Other languages
Chinese (zh)
Other versions
CN102013977B (en
Inventor
布赖恩·尼尔
阿肖克·瓦德卡尔
徐大鹏
安东尼·J·沃尔特斯
托尼·罗萨蒂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BlackBerry Ltd
Original Assignee
Certicom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CA2510366A external-priority patent/CA2510366C/en
Application filed by Certicom Corp filed Critical Certicom Corp
Publication of CN102013977A publication Critical patent/CN102013977A/en
Application granted granted Critical
Publication of CN102013977B publication Critical patent/CN102013977B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer. In an alternative arrangement overproduction may be inhibited by introducing a separation of duties within a manufacturing process. Typically a producer will contract out the various stages of manufacturing to multiple contractors. In general, separation of duties involves purposefully separating manufacturing stages, for silicon chips or other devices, so that the end product must have been ''touched'', by each subcontractor, in order for the end product to be fully functional.

Description

The system and method that is used for remote device registration
The division explanation
The application is to be on June 12nd, 2006 applying date, and application number is 200680025923.6, is entitled as the dividing an application of Chinese patent application of " system and method that is used for remote device registration ".
Technical field
Relate generally to of the present invention wherein contains the manufacturing of the device of sensitive data, relates to Long-distance Control particularly and monitors the injection of this sensitive data in this device.
Background technology
Participate in the device of cryptosecurity communication system, generally can have certain type the unique and constant information that when device is made, is injected in the device.This information can be cryptographic key, shared secret or some other data that may be arrived the intrinsic unique attribute of device by cryptographic binding.This information may be generally known as " key ", and the injection of information generally can be called device " encrypting key " or " key injection ".
The purpose of injecting key is to guarantee after device is distributed, and puts the believable participant that this device is accepted as safe communication system in certain of future.But the producer of device usually can wish to guarantee device by legal manufacturing, thereby wish that protection is injected into the key in the device.The producer generally attempts to protect key to protect following income, because the authentication of key can be used to provide the visit with good conditionsi for safety system and content thereof etc.In addition, the key that is injected into is very important, because it makes the client of device or user can avoid registering the required lengthy process of device.
Trusted based on password authenticated key, can be authorized this with good conditionsi visit of device system.This trust is based on the following fact: it is unusual difficult reproducing the data of being trusted outside manufacture process.The system that provides conditional access comprises, for example, satellite television and radio, these systems diffuse information constantly, thereby but wish that control is used to provide the income of this content to the visit control of their content.These systems rely on manufacture process and original device producers (OEM), and key injects specifically, to provide to equipment and finally to the root of the trust of whole safe communication system.
Be injected into key in the device and be sometimes reference format and buy from authorities, for example, high-definition content protection (HDCP) key, when data were sent to your display etc. by the computer from you via cable, this key was used to protected data.Authorities thereby also protected and do not lose interested to the key of guaranteeing to be distributed to device producer.This has been to having produced producer's responsibility, thereby has increased the importance that protection is injected into key.In some cases, the producer may be because lose or duplicate key and penalized, and if they obtained the reputation when process key, neglected, authorities may limit or retrain the distribution of key so.Keeping this relation usually is important for the producer, especially when key is the compatible required reference format of device and other devices and/or infrastructure.In this case, if can not use specific key, device can not be worked as expected.
In the modern commerce environment that comprises ever-increasing device complexity and fineness, commonly each parts are made and encrypting key by a producer, then by another producer's assembling.In this case, when the owner of the producer of device or communication system is not the producer of device, just there is some potential safety hazard.Thereby, for device producer, guarantee that the authenticity of manufacturing system that the authenticity of the producer's device is responsible for is vital.
When considering the authenticity of manufacture process, special what be concerned about is the relevant problem of confidentiality with the secret information that is used to make device, and guarantees the problem that the producer accurately informs the producer with the identity and the quantity of the unit of manufacturing.Ideally, the producer of device should obtain the assurance that the producer does not have establishment and distributes " grey market " or " black market " parts or device as far as possible.For example, the encrypting key product of some is sent back to the producer, still still had the producer who remains key, can use those unnecessary keys to come the produce and market device then.The producer thereby can lose income is because the producer is the people who makes a profit from sell.Other behavior as clone or stealing key also may occur, and this is difficult to detect and control during by outsourcing in the encrypting key process.In some cases, key may come forth and make the user can obtain the visit of condition visitation system on the internet and need not to be this services pay.
Traditionally, be concerned about that the producer who the information injection stage is maintained secrecy at manufacturing site location does not almost have other to select, can only the utmost good faith producer with due regard to the mode of producer's device and security of system operate.Protection mechanism generally is inmature, because encrypting key information is generally by encrypting key in batch and be sent to the producer, in the producer there, information is in case arrive, and all encrypting key information are just deciphered at once, and the producer is trusted the information that can not endanger in batch.
Restriction is to use online client-server mechanism to a method of encrypting key message reference.Have this mechanism in place, the client computer at producer's equipment place will be connected to network, and will provide the encrypting key information of server requests based on each device to remote cipher key under the producer's control.
Realize this dependence outside the venue, the server of long-distance on-line and provide the manufacturing system of encrypting key information to have a lot of problems in real time.The most primary problem is, if server uses public shared packet switching network outside the venue, just can not guarantee making the lowest service level or the response time of line.In order to prevent to make the problem on the line line, a certain service level with regard to time-delay and throughput is optimum.Given modern production present situation is promptly made line and is present in long-range compass of competency with respect to the producer, and this guaranteed network availability may be very expensive.
Before the material that is necessary that comprises data material all was not ready to, manufacturing equipment generally can not begin production run.Otherwise the danger that production line postpones will be very high.Any encrypting key system that the producer uses all should be able to guarantee service availability basically and appropriate responsive is provided.This required before production run all data sources and encrypting key information all local available.
Suppose that all data sources must be to being present in the production line on the computer system and directly the medium this locality under the control is not available the producer, the producer must consider how to guarantee the confidentiality of any private cryptography key information.
In order to begin and to finish production run, enough data should be available to producer this locality.Find the producer producer also should consider how to prevent such rascal producer production grey market or black market product after termination of contract under the situation of behavior of producer's unauthorized and breach of contract.
Another problem relevant with the clone comes from excessive production, and this is a kind of clone operations of particular type, and this operation is the special care of the producer of silicon.When the producer of integrated circuit (IC) was contracted out to their IC design one family or how tame third party manufacturing company and makes, excessive production may take place.The purpose of outsourcing some or all manufacturing step is by selecting and can providing the third party of best price to reduce production costs to the concrete stage in the manufacture process.For example, no plant design chamber (for example producer) may be wished and overseas manufacturing firm contracts produces the chip that they have designed.Overseas manufacturing firm like this is often selected, because they can relatively inexpensively produce electronic component.
But, outsourcing generally can increase specific contract can excessive production their the signatory product that will produce with the risk of supply grey market.For example, the excessive production of the design IC that if signatory producer breaks one's word and provide according to the producer, and do not notify the producer that this excessive production has taken place, so extra product will be sold as " forgery " or " clone " IC in the grey market channel.This just allows the third party producer to realize extra profit and income, and this is to be that the producer/designer's income and following product demand are cost with their client.
Above-mentioned situation may be because in these cases, and usually the producer is except just receiving the engineering sample no longer treatment product when the production phase begins.Therefore, in each stage of the manufacture process after design, all have an opportunity to steal parts and product.In some cases, the contract producer's of good credit employee being arranged may be the robber.When the employee directly when making line and steal product, " output is shunk (yield shrinkage) " may occur.This is not only because income is harmful to the producer and contract producer, and also harmful to relation between the producer that carries out following business and the producer.
Therefore, the objective of the invention is to eliminate or reduce above-mentioned shortcoming.
Summary of the invention
The invention provides and make that hope can be from the system and method that remote location monitors and protection device is produced to the producer of the entity of at least a portion use separation of manufacture process.
The present invention also provides and has been used to make sensitive data to separating between the entity that is added on separation of product to forbid because the device of the grey market product that excessive production and output shrink cause.
In one aspect, the invention provides a kind of being used in the method for device production process medium-long range control sensitive data to the injection of device.This method comprises the steps: controller preparation and the sensitive data of cryptoguard in transfer of data; Controller sends to server with transfer of data, and server has the security module that is used to carry out Password Operations; Security module is extracted sensitive data from transfer of data; And server offers equipment with sensitive data and is used for being injected into device; Wherein, controller is remotely placed with respect to server.
In yet another aspect, the invention provides a kind of being used in the system of device production process medium-long range control sensitive data to the injection of device.This system comprises: the controller with first security module that is used to carry out Password Operations; Server is remotely placed with respect to server and is connected to controller by forward path and backward channel, forward path is used for transfer of data is offered second security module of server by controller, transfer of data is carried out cryptoguard to sensitive data, and second security module is extracted data from transmission; And the agency, operate with equipment, be used for after extracting data, injecting data from transmission, the agency obtains data from second security module.
In yet another aspect, providing a kind of is used in the module of a plurality of stage control sensitive datas to the insertion of device.This module comprises cryptographic transformation, data flow in cryptographic transformation intercepting and capturing and the transformation device and the cryptographic key that is stored in the memory, the part of sensitive data was added in the cryptographic key in each stage, cryptographic key is transformed and is used for its operation, wherein, after sensitive data successfully inserted, cryptographic transformation correctly changed data flow.
In yet another aspect, provide a kind of method of sensitive data that be used for controlling to the injection of device.This method may further comprise the steps: module is included in the device, and this module has the cryptographic transformation that is used in that device is intercepted and captured and transform data flows; And in a plurality of stages in device production each is added the part of sensitive data in the memory that is stored in the module; Wherein, after sensitive data successfully inserted, cryptographic transformation correctly changed data flow.
Description of drawings
Only embodiments of the invention are described below with reference to accompanying drawings in the mode of example.
Fig. 1 is the schematic block diagram of remote device registration system;
Fig. 2 is the schematically illustrating of illustrated graphic user interface (GUI) among Fig. 1;
Fig. 3 is schematically illustrating of distribution of images;
Fig. 4 is the flow chart of injection of diagram key and reporting process;
Fig. 5 is the flow chart of diagram preparation process;
Fig. 6 is a flow chart of describing credit indication process;
Fig. 7 illustrates the mapping scheme of another embodiment that supports a plurality of products;
Fig. 8 illustrated the example of the Log Report that filters; And
Fig. 9 is the block diagram of another embodiment of diagram remote device registration system.
Figure 10 is the schematic block diagram that uses the embodiment that the key in a plurality of stages injects in manufacture process.
Figure 11 merge to use the embodiment of Figure 10 to separate the schematically illustrating of mask that key injects the registration model in stage.
Figure 12 is schematically illustrating of stage embodiment illustrated in fig. 10.
Figure 13 is the flow chart of being taken steps when the embodiment that uses Figure 10 produces device.
Figure 14 is the schematic block diagram according to the example product of mask production shown in Figure 11.
Embodiment
With reference to Fig. 1, remote device registration or the key injected system of being trusted are generally indicated by mark 10.The producer 12 of device 22 utilizes the service of the entity that separates, and unique and constant information is injected in the device 22, and described in this case entity is outside producer 14.Information can be cryptographic key, shared secret or some other data that can be arrived the intrinsic unique attribute of device 22 by cryptographic binding, and this information will be known as " key " hereinafter.The step that key is injected in the device 22 will be known as " encrypting key " or " key injection " hereinafter.
The producer 12 utilizes controller 16, and concerning producer's equipment, controller 16 is long-range computer systems.Controller 16 comprises hardware security module (HSM) 11.HSM 11 is used to carry out shielded device as the cryptographic security operations of encryption, deciphering and mark by controller 16.HSM 11 can be anti-tamper (for example being difficult to visit physically) or can react to distorting (tamper reactive) (if for example being distorted with regard to obliterated data).Controller 16 is responsible for key and out of Memory packing and is passed to producer 14, also is responsible for monitoring the distribution and the use of 14 pairs of keys of producer.The producer 12 usually from as the external source of authorities for example the producer of HDCP key obtain the bulk key (not shown).Key is stored in the data storage device 15, is distributed to concrete producer 14 up to them.Controller 12 and operation thereof can be used graphic user interface (GUI) thereby operator's supervision of 13, modification Be Controlled.GUI 13 generally is to use the personal computer (not shown) to show and the software application mutual with it.
Controller 16 is connected to the server 18 that is positioned at producer 14 by pipeline 23.Pipeline 23 comprises two forward communications passages, i.e. control channel 26 and distribution channel for distribution 25, and backward channel 24.Control channel 26 controlled devices 16 are used for measuring the quantity of producer's 14 operable keys by sending the credit indication.Distribution channel for distribution 25 controlled devices 16 are used for protected key block is distributed to manufacturing device 14.In order to report and examine purpose, backward channel 24 is used to make controller 16 to know the use of key by system 10.Passage 24,25 and 26 can be any communication passage, and needs not be reliable or safe.Operation technique mechanism combines with processing/process, and reliability and fail safe on passage 24,25 and 26 are provided.For example, if be sent to message not deciphering because it is destroyed of module 18 on forward path 26, the user can phone the operator of system controller module 16, allows them send message once more then.
Producer 14 utilizes one or more servers 18, and concerning producer's facility, server 18 is local computer systems, and the message by being sent by controller 16, and the activity of server is monitored and measures.Server 18 is also reported by backward channel 24 and is returned to controller 16.Server 18 comprises and the HSM 11 similar HSM28 that utilized by controller 16.HSM 28 storage indication producers 14 can use the protected credit pool 30 of how many keys.The use of key by controller 16 by monitoring data that serviced device 18 is reported and correspondingly adding deduct and measured from credit pool 30.Credit pool 30 be illustrated in server 18 must slave controller the abstract concept of the number of keys that can be deciphered by HSM 28 of 16 requests and obtain before more keys.Controller 16 to server 18 distributed keys, and explains more fully that as following server 18 can be stored in key in the local data memory spare 17 on distribution channel for distribution 25.
Producer 14 utilizes one or more equipment 20, and equipment 20 is used to inject encryption key in device 22.Usually, encrypting key takes place at the test phase of manufacture process, thereby equipment 20 usually is the test machine on the assembly line.Equipment 20 comprises key proxy 21, and key proxy 21 generally is to be loaded onto software program or the kit that is used at the equipment 20 of application side managing keys injection.Key proxy 21 is communicated by letter with request when key is required and is obtained key with server 18.Usually, thus server 18 will provide enough keys can not destroy the sequential of production process to key proxy 21.But server 18 will not provide the use of the key of unnecessary quantity with the restriction key, provide the encrypting key mandate up to the measurement according to credit pool 30 by controller 16.
Usually, key proxy 21 has indicates the threshold level when particular device 20 needs new a collection of key, not destroy production.Because controller 16 does not generally continue to communicate by letter with server 18, so followingly be explained in more detail below, before controller 16 can obtain the key operation report from server 18, controller 16 can be adjusted its parameter to guarantee that be available by server 18 enough encrypting key materials for equipment 20, guarantees not have the serviced device 18 of too much key data to discharge simultaneously.
Key proxy 21 preferably includes application programming interfaces (API), and it moves on equipment 20 so that the operator of equipment self can be manually or with automated manner request key.Key proxy 21 is used for that data passes provides the protection of certain level between server 18 and equipment, and can be considered to the simplification secure socket layer (ssl) between server 18 and the equipment 20.Be to be understood that if resource allows key proxy 21 can also be used himself to be connected with SSL between the server 18 and be implemented.Key proxy 21 also is responsible for generating the report record when key is used, the report record is sent out back the purpose that server 18 is used to report.
Controller 16 is to be used to monitor and measure the order center that the key by producer 14 injects.In order to control encrypting key from remote location, GUI 13 persons of being operated are used for monitoring and dispose each producer 14, server 18 and equipment 20 under controller 16 controls.Example GUI 13 shown in Figure 2.GUI 13 is divided into server window 200, controller window 204 and device window 202.Server window 200 comprises that the producer of controlled device 16 control tabulates 14 and server 18.The specific controller 16 of indication in controller window 204.The operator can select specific producer (for example, the producer A shown in Fig. 2), and is displayed in the device window 202 with producer's associated device 20.
In example shown in Figure 2, the window that provides about the information of server 1, server 2 and server 3 is provided the server at producer A place.Each server has some data that is associated with it.For example, as shown in Figure 2, each server comprises free memory that they are shown, available credit and the process hurdle of the quantity of the key that can use for each type of Key Tpe 1 and Key Tpe 2.Each tester window is show log information also, processed date of for example previous report, the credit of previous report, previous magnitude of recruitment (refill amount) and about the data of the log record that lacks.Server window also provides option 214 and 216 with slave controller 16 Remote configuration and forbidding server 18 to the operator.
Controller 16 has the ability of Remote configuration server 18.This allows controller 16 to change Key Tpes, increases or deletion Key Tpe and control other config option.This preferably realizes by sending configuration messages along control channel 26 to server HSM 28.HSM 28 can assess configuration messages, and some configuration messages change the behavior of HSM 28 thus, and other configuration messages is sent to server 18.Make in this way the configuration messages that is sent to server 18 via HSM 28 can assist in ensuring that server 18 obtains by the configuration-direct that comes self-controller 16 that trust and known.
Controller 16 may be by key proxy 21 in server aspect or equipment aspect Remote configuration system 10.Controller 16 can also force the poll of server 18, and can adjust the interval of conventional poll.Usually, server 18 is polled with fixed intervals, and controller 16 can use when needed and is forced to poll with acquired information between the interval.For example, with regard to one day interval, controller 16 may need data report giving the manager on the same day, thereby the poll that can force Servers-all is to obtain this data.GUI 13 can also comprise the controller E-mail option, this option allow controller 16 as the extreme environment of deciphering or distribution failure in crucial production run under contact management person automatically.
Each key that is distributed to server 18 by equipment 20 and is injected in the device 22 triggers some log record under some incident.GUI 13 can be used to search, classification, editor and analyze log record, and browses as shown in Figure 8 customization or standard report 400.In this example, there are three main log records that are generated.When key is distributed to server 18 by the producer 16, key is generated to server log 402, HSM 28 key is discharged to key proxy 21 on that key generated by HSM 28 to proxy log 404, and after key was injected into, key injected daily record 406 and is generated by key proxy 21.Each log record can comprise the identifying information of any number, and these identifying informations comprise ID type, timestamp, producer, equipment etc.In example report shown in Figure 8, the key that report 400 illustrates for the key with serial ID=001 injects daily record 406 to server log 402, key to proxy log 404 and key.These records can be used to follow the tracks of the life cycle of the key with this serial ID number then.Should be appreciated that report 400 can comprise the record of any number, and can be based on any suitable field and by the filter choosing.For example, can correspondingly be edited in the report 400 of all keys of injection on May 3 at the tested test-run a machine 2 in producer A place by filtering date field and location field.
Referring now to Fig. 3, the producer uses the distribution of images 40 that will be sent to server 18, and the producer 16 can preferably use a collection of group key in the secure data transmission to encrypt and pack.Distribution of images 40 makes the producer once comprise the key that is used for a plurality of products that is assigned to a plurality of servers 18 in the transmission.But only after HSM 28 received authentication via control channel 26 slave controllers 16, the key of a certain quantity can be deciphered and obtain to each server 18.Image 40 is set of data record, each record containing type 58, ID 60, size 54 and data 56 fields, and at data field 56, data 56 will generally comprise the key data by arbitrary size of size 54 identifications.Type 58 and ID 60 fields are used for discerning key data by HSM 28, depend on the configuration of HSM 28, as previous indicated via control channel 26, may be used to filter some key.Key may be packed, makes to realize being indifferent to for target cipher key what in fact resembles.This makes it flexible and extending, and need not to do redesign for each new Key Tpe.Packing (wrapper) should containing type, size and unique ID, and body is abstract.Packing also can comprise the element of the more advanced features of support, for example is assigned to daily record or variable in the abstract graph picture.
Image 40 usefulness image key 42 are encrypted.Image key 42 serviced devices 18 are used for decrypted image 40 and obtain key.Image key 42 by self-encryption, and is stored as server head 48 for each server 18.The set of server head 48 is stored in the main head 46.For decrypted image 40 and obtain key, head 48 serviced devices 18 select and by HSM 28 deciphering to obtain image key 42.Image key 42 is used to decrypted image 40 then.
As previously mentioned, distribution of images 40 may be used to support a plurality of products.With reference to Fig. 7, show the mapping of product type and data block in addition.For example, the producer 16 has three products, be that γ (gamma) utilizes key 1 (having the label 1 of filtration), the configuration block (also having the label 2 of filtration) that β (beta) utilizes key 2 (have and filter label 2) and follows, and α (alpha) utilizes key 1, key 2 and configuration block.Image 40 can comprise Key Tpe 1 and Key Tpe 2 in batches, and γ (gamma) and β (beta) product can not have α (alpha) product complexity so.The producer 16 can use packing data single image 40, for example, every 50, certain test machine (for example test machine 1) has the permission that the producer makes thus, thereby may obtain to be used to produce 50 (50) filtration label 1 and 2 of 50 α (alpha) product.Another test machine (for example test machine 2) can have the permission that the producer makes simultaneously, thereby obtain 50 (50) from image 40 and filter label 1 producing 50 β (beta) product, and 50 (50) filter label 2 to produce γ (gamma) product.Image 40 can comprise all key datas, may comprise polytype key, to produce the single product of any product type.Product type or product type that test machine just is being programmed to server 18 signs.This type information is sent to HSM 28 with encrypted image 40, makes that key data 50 can be filtered when HSM 28 decrypted image 40, and the required key data of the product type that has only programming to identify is just discharged to test machine by HSM 28.Therefore, the producer 12 can support a plurality of products with single image 40, takes measures simultaneously to guarantee that producer 14 can only make the product that they should make.
Because image 40 can be supported a plurality of products, so log record is used to follow the tracks of the key injection of the reality of carrying out at the test machine place, this will explain below more fully.By the trace log record, the producer 16 just can attempt test example and whether return 50 γ products rather than 50 alpha productions (they are paid and will produce) as producer 14, and they may sell 50 β products on grey market or black market thus.This species diversity may be malice may not be yet, but under any circumstance can reasonably be discerned.
Figure 4 illustrates key and report the typical life cycle of giving controller 16 at backward channel 24 from its HSM 28 that is distributed on distribution channel for distribution 25.The piece that highlights among Fig. 4 represents that by security module be those steps that HSM 11 and HSM 28 carry out.Controller 16 at first obtains standard key in batches from outside supplier.Controller 16 passes to key HSM 11 then, and 11 pairs of key blocks encryptions of HSM, and each piece contains a certain Key Tpe of measuring quantity.Should be appreciated that key also may be become the piece have more than a Key Tpe by bulk encryption.Controller 16 will be stored in the memory device 15 by the key of bulk encryption then, receive indication or other orders that the indication key block will be distributed up to it.
When the producer's 16 distributed key pieces, it at first obtains by the piece of bulk encryption and this piece is passed to HSM 11.11 pairs of these pieces of HSM are decrypted and key block are encrypted again to transmit with image key 42.Then, for each server 18, image key 42 self is encrypted to produce each head 48.These heads 48 are stored in the group 44 of main head 46.Here, to be used to distribute by encrypted secret key again, HSM 11 generates keys to server log 402.Daily record 402 is locally stored at the producer 12 places and is used for later analysis.On distribution channel for distribution 25, incite somebody to action again the encrypted secret key piece then and be distributed to server 18.
The encrypted key block that server 18 will be included in the image 40 passes to HSM 28, and HSM 28 is decrypted image 40 then.HSM 28 at first selects its specific head 48 from organizing 44, and image key 42 is decrypted.Image key 42 is decrypted then to obtain key from image 40.Then preferably, hash algorithm for example safe in utilization, MAC or digital signature are verified and filtering image 40.HSM 28 also encrypts again each key that obtains from image 40 then and is used for storage.The local then storage of server 18 is used by equipment 20 after encrypted secret key is used for again.The authenticity that should be appreciated that image 40 is based on unique symmetrical distribution key K of sharing between controller 16 and server 18 S1And K S2And assert.In case carried out successful authenticity examination, for example after sha-2 summary (digest) compared, it is believable that the message that is shared therebetween just can be considered to.
When controller 16 slave units 20 received request to a certain quantity key (for example N key), HSM 28 was given N key and deciphers.For in the N that is deciphered by HSM 28 key each, key is produced to proxy log record 404, and these keys are delivered to equipment 20 and are used for injecting.Here, key " not interrupted (in the clear) " thereby be ready for injection.
Equipment 20 injects each of N key, and key proxy 21 is injected log record 406 for each key production key that is injected into.HSM 28 will obtain key continuously and inject log record 406 to proxy log record 404 and key, and preferably these records be connected into the master log report R that is sent out back controller 16 on backward channel 24.
Each daily record preferably is connected to binary file, and it has identified the date that file is produced.R is preferably by HSM 28 encryption key k in report 1Encrypt, and be returned in the application program of moving on the server 18 on backward channel 24, to be sent out.Controller 16 can be deciphered report R then, and verifies each daily record (for example 402,404,406).Can tag to each daily record with step number with dullness.If all Record ID values of putting together are not continuously to gather, the operator of controller 16 will know the daily record that lacks in the tracking sequence where so.
Explain that as top when N key was distributed, controller 16 had been stored many keys to server log record 402 in advance to them.Therefore, controller 16 receives the report R that finishes life cycle for each key in certain time expectation in future, is deciphered and is injected in the correct device by correct server 18 to show the key that is distributed at first.Therefore, when Log Report was provided, controller 16 can be assessed them.Controller 16 can judge whether then and take any action, and for example intervenes manufacturing operation (for example stopping distribution) or more key is provided.Controller 16 also can obtain other information before the other key block of distribution.In this manner, controller 16 can measure distribution, and only just provides more key when the producer operates with good credit and provides accurate Log Report consistently.
Log Report (for example those shown in Fig. 8) makes the producer can recognize discontinuous in the ID sequence.For example, if but a large amount of key has been distributed does not report that also key arrives the agency or key injects daily record, the producer may lose this key so.This may show grey market or black market activity.Under another situation, report R can comprise key to proxy log 404, but does not comprise that the key for specific key injects daily record 406.This may show that problem comes from the particular device place of request key but not producer 14 is own.Therefore, producer 14 also can be used to Log Report R to examine purpose and discern inner rogue activity to safeguard itself and the producer's 12 relation.The life cycle of each key need be at the report record of operated each critical stage of key.Therefore, the information that is necessary of the producer 12 comes identification problem where to appear at and will make great efforts to proofread and correct or eliminate this problem.Preferably, Log Report not only comprises the information about the key sequence number, and comprises the information about Key Tpe.In this manner, the producer 12 can also judge whether on commission manufacturing of alpha production, and whether γ and β product may be produced.
Log Report provides information to stop producer 14 malice or dirty pool, and the means of the honesty of assessing existing producer 14 and the instrument that the evidence of any non-expectation activity is provided also are provided simultaneously.In the activity that detects non-expectation, the use of tangible evidence allow the producer 12 be not only with the attitude suspected in the face of producer 14, the important relationship between the producer 12 and the producer 14 takes place can save under the situation of (for example by the employee but not company itself cause) in this in the test machine aspect in illegal activity.
Except distribution,, controller 16 measures the key injection stage thereby also using control channel 26 to control credit pool 30.Credit indication process shown in Figure 6.HSM 28 must consume the credit from credit pool 30 when distributed image 40 being decrypted and obtaining key.As time goes by, credit pool 30 will reduce, and need use the credit indication file that is sent by controller 16 to replenish.
On control channel 26, controller 16 once only sends a control messages C to server 18.One that is included in the file of the preferred needs in this message is credit indication file.This document can be the encrypted data acquisition system that is used for particular server 18, and it is decrypted into the credit indication by HSM 28.Credit indication comprises token (token) ID, sequence number of sequence number, the server of HSM 28 for example and/or server 18, new credit and configuration data, and it is whole controlled device 16 marks.
After receiving control messages C, HSM 28 deciphers the credit designation data from control messages C, and certifying signature.If can use, HSM 28 also verifies as sequence number of himself and token ID.The checking of sequence number is performed then.Sequence number should be greater than the sequence of storage inside in HSM 28.In case be verified, the value that HSM 28 will upgrade its internal sequence number and credit pool 30 is set to the credit value in the credit indication.
Explain in conjunction with GUI 13 as the front, HSM 28 then with any configuration messages among the control message processing C to upgrade its internal configurations, so that controller 16 can advance configuration data to server 18, for example be used for the renewal of filtering rule, encrypting key information, credit rule etc.Configuration data can expect to be used for HSM 28, the application program or or even the key proxy 21 of operation on server 18.The configuration messages that HSM 28 seeks the type of definition is handled them.Configuration messages is marked as privately owned or public, then will be by HSM 28 controls to their visit.
Credit report C rBe the response of server to the indication of the credit among the control message processing C.Credit report C rCan comprise the sequence number of HSM 28 and token ID, current sequential value, currency, supplemental amount up to the present and the error code of credit pool 30, if do not have wrong the generation in credit indication processing procedure, error code is set to zero so.
Preferably use its mark key k by HSM 28 2Come mark credit report C rReport C for controller 16 rBe used the common encryption key k of controller then 3Encrypt.Report C rBe sent to controller 16 then, and store with Log Report R and to be used for above-mentioned audit purpose.
Before distributed key, the producer 12 and producer 14 can be through the preparation process with initialization HSM and servers 18.Shown in Figure 5 should the preparation process.HSM 28 produces and sends preparation request message P to controller 16.Message P preferably comprises the sequence number of the HSM 28 of just serviced device 18 uses.HSM 28 generates two cryptographic keys to k 1, k 2(for example RSA key to or preferably use elliptic curve cryptography (ECC)), (a k 1) be used to receive encrypted message, another (k 2) be used for the message of mark output.Preferably, at key to k 1And k 2Commutation period between, producer 14 in the physics controllable environment by cryptographically the guiding (cryptographically bootstrapped).
When controller 16 when server 18 receives the preparation request, it passes to HSM11 with request, HSM 11 checks that the authenticity of message distributes " token ID " for then producer 14.Two keys, preferably, symmetric key k S1And k S2(for example Advanced Encryption Standard (AES) key) is generated.As previously mentioned, these keys are used to protect controlled device 16 and server 18 at distribution of images on the distribution channel for distribution 25 40 and the Log Report R on backward channel 24.
HSM 11 generates preparation response message P ' then, and this preparation response message P ' for example comprises the token ID that is assigned with, and public keys that HSM encrypts and mark key separately are to k 3And k 4, distribution and backward channel symmetric key k S1And k S2, some initial-configuration data, and the Hash digest (hash digest) that is used for authenticity.P is similar to the preparation request message, supposes preparation response message P ' processed in the physics controllable environment (for example using the HSM protection).
Then, preparation response message P ' can be sent to server 18, and server 18 can be carried out initialization operation receiving its first preparation request back.The structure of preparation response can comprise and is decrypted into the part that comprises the independent structure that is used for the symmetric key that forward direction is communicated by letter with backward channel between controller 16 and server 18.Should be noted that these keys all are different for each HSM 28 (thereby and for each server 18), and be not share among one group of HSM.When the preparation process was finished, the normal exchange between distribution of images 40 and the control messages C can begin.
In another embodiment, as shown in Figure 9, system 10 can be retrofitted into and be realized being used to protect key to inject the existing solution in stage by producer 14.In the embodiment shown in fig. 9, add suffix " a " with similar mark and represent similar unit.For example, producer 14 can have equipment 20a, and equipment 20a comprised and be used for string " BCA " is transformed into the scrambler 74 of " ABC ", wherein device 22 by line to accept ABC as the key that is injected into.In this manner, if key " BCA " is stolen or mistake is put, it will not worked to device 22a so, because scrambling does not also take place.These trials aspect the protection key, though realize easily, generally all very inmature, and suitable protection level can not be provided.By this protection of compatibility, system 10 may be retrofitted into equipment 20a then, and does not cancel the existing solution that has been implemented.Therefore, producer 14 extra charge that is used for realization system 10 can be avoided.This remodeling can be implemented up to complete redesign and be guaranteed, layout at this moment shown in Figure 1 can be used.
For the existing solution of compatibility, system 10 stores one group of object that is labeled 72 at server 18 places, and they are to be associated with particular device 20a and after HSM 28a discharges key and carried out the set of the executable file that has solution now before key injects.In this manner, key is changed with the existing solution of compatibility, and equipment 20a and not knowing.As shown in Figure 9, controller 16a will at first need to visit the executable file (exe) 70 that used by equipment 20a so that existing solution to be provided.Controller 16a passes to HSM 11a with executable file 70 then.HSM 11a is mark executable file 70 then, and the executable file 70 that is labeled is passed to HSM 28a, and HSM 28a is stored as the object 72 that is labeled with the executable file 70 that is labeled then.In operation, when a collection of key that equipment 20a please look for novelty, server 18a verifies executable file with the signature that dependence is stored in the executable file among the HSM 28a.In case server 18a has verified executable file 72, it will send the executable file key with by scrambling so.
For example, equipment 20a request key BCA makes key A BC be injected among the product α (alpha) to present to the scrambler among the device 22a 76.HSM 28a determines that product α has the subject executable A that is labeled, and is used to revise key A BC.The subject executable A that is labeled is verified, and is applied to key A BC, causes the key BCA after the scrambling.Key BCA after the scrambling is sent to equipment 20a then, and scrambling plays 76 and revises key BCA and make it inject key A BC.Equipment 20a does not recognize that (what it received) key BCA is stored as ABC by server 18a with protected form.The key that should be appreciated that serviced device 18a storage can also be with the form as CAB, is modified to then to read BCA and be used for scrambling and be used for injection to be transformed into ABC.This situation may take place when following situation: ciphering key AB is canonical form and must be modified to adapt to the existing solution that CAB wherein can not be accepted as key.Therefore, the object 72 that is labeled will comprise the compatible required any program of existing solution that is realized by equipment 20a, and the example that provides above only is used for illustrative purposes.
The object 72 that is labeled forbids that also malicious code is loaded onto among the server 18a to revise key before injecting, and this is because before the executable file that is labeled is used to key, generally at the key that will be released to machine it is verified.System 10 thus can provide the safe class of increase simultaneously compatible existing solution.
Therefore, by utilizing the Remote System Controller 16 that separates with server 18, the producer 12 can monitor producer 14 activity by HSM 28, and measures credit.The producer 16 thereby can manage the injection of encrypting key information on device 22 correctly reports the identity and the quantity of the unit that the producer 12 is made to guarantee producer 14.This makes the producer 12 can guarantee that producer 14 does not produce and distribution grey market or black market product or device 22.
Under said process and system 10 situation in place, the producer 12 can monitor the production at producer 14 places.The producer 12 uses the credit indication among the control messages C, by increasing or remove the available credit of using by producer 14, and production that can measurement device 22.
Should be appreciated that system 10 is not limited to a producer 14 as shown in Figure 1, and each producer 14 also is not limited to one group of equipment 20.System 10 also is not limited to the use of single controller 16.The hardware that HSM 28 is most preferably trusted is with the authenticity of protection key value and credit pool 30.In addition, the encrypting key information that is included in the distribution of images 40 must be encrypting key information not necessarily, and also can be any data element of need to be keep secret and authenticity.For the requirement of encrypting key data, the system 10 that strengthens device activation granularity for hope is typical.
In alternative layout, example shown in Figure 10 to 14 and described in more detail in the back, excessive production may be under an embargo by introduce the responsibility separation in silicon chip or device manufacturing processes.Usually, the producer 12 can be contracted out to a plurality of contractors with the different phase contract of making.Generally speaking, responsibility is separated the fabrication stage include destination divided silicon chip or other devices, make final products must be by each person of subcontracting " contact " so that final products work fully.Because grey market is generally provided by the single contractor who breaks one's word on single fault point or the manufacturing chain, so force one group of contractor's operation in tandem, this just means that two or more persons of subcontracting must conspire the opposing producer 12 for the subassembly or the device of non-incompleteness are provided to grey market.Final products and subassembly thereof should be finished all fabrication stages to work fully.Generally speaking, when a plurality of persons of subcontracting needed collusion in order to steal, the risk of attacking the producer 12 just was greatly diminished.
In the production of silicon wafer, several stages generally takes place, they are divided between several third party producers through being everlasting.The producer 12 of design chips will create design in a data file or a plurality of data file, often be called " net table (net list) ".The net table comprises the descriptive language of computer code form, and how production mask is to produce silicon wafer to be used to indicate the third party, from this silicon wafer, and the packed and distribution of IC.
For example, in illustrative manufacture process, mask may be sent to the silicon producer who makes silicon wafer according to mask by the producer 12.Wafer can be sent to wafer testing apparatus then, and each chip is directly tested on wafer there, and by electronic ground mark, makes when being cut, and has only each chip that passes through will be forwarded to sealed in unit.Sealed in unit can and be packaged into Chip Packaging with silicone coupling, and tests the chip of final encapsulation once more.The chip of finishing generally is sent to OEM then, and chip is installed on the printed circuit board (PCB) there, the part of product during printed circuit board (PCB) is finished, and the device products of finishing is sent to distribution channel for distribution, finally arrives client.
Above-mentioned illustrative manufacture process generally comprised in design and a plurality of stages of silicon to generation between device integrated, promptly made, tests, encapsulated and install.Occur in the individual facilities place with should be appreciated that all these stage chocolate-substitutings, and more a plurality of stages can be arranged, arrive any N stage at most.These stages each, excessive production or output all might take place shrink.
Referring now to Figure 10, the producer's 12 designing masks 90.Mask 90 is used to produce registration device 22, in this example, is IC.Device 22 comprise will be included in the sensitivity or the fixed information of certain form in its design, and preferably can not operate under the condition of this sensitive information not having.In this example, the producer 12 makes entity with the two or more third parties that carry out moment in the whole manufacturing of device 22 and sets up contract.Figure 10 shows first fabrication stage 100, second fabrication stage 102, up to N fabrication stage 104 arbitrarily.
Producer producer 12 distributes mask 90 on product distribution channel for distribution 80.Mask 90 was sent to for first fabrication stage 100, in the part of this stage generation manufacturing, as the production of silicon wafer.When the phase I 100 finished, the product that the part that obtains is finished was sent to for second fabrication stage 102, to finish the second portion manufacturing, as the test of wafer.For each stage, this all is repeated until any N stage, and the registration device 22 that this stage works the most fully transports to distribution entity 106.
In making entity 100 to 104 one is transferred to grey market 110 in order to prevent uncompleted product or subassembly, and " responsibility separation " is employed.It is the manufacturing of each fabrication stage and separating of data programing responsibility that responsibility is separated, and making that institute has a responsibility for must be by the contractor of the anticipation order execution with anticipation, and this production to the device of finishing non-incompleteness is necessary.In this example, the responsive task of injecting as code data was injected in a plurality of stages, and each in a plurality of stages was realized by different manufacturing entities during the different fabrication stages.In order to separate (a plurality of) responsive task, the producer 12 merges to Registering modules 92 in the mask 90 in the defined design.Module 92 is used and makes when mask 90 that by editor to produce device 22, key signal and the data flow in the silicon intercepted and captured in mathematic(al) manipulation, enabling signal for example, and if mathematic(al) manipulation can not operate, device 22 is incomplete.Because performance, mathematic(al) manipulation preferably are extensive use of the cryptographic transformation of XOR (XOR) operation, but this is not requirement.In each stage of manufacture process, can operate in order to make mathematic(al) manipulation, the increase by critical data or increase progressively is registered, and critical data for example is the part of password encryption key data.By this way, if the wafer that produces in phase I 100 is by excessive production and be supplied to the grey market stage 2 to N, as shown in figure 10 110, product 112 is incomplete so, generally be because it also do not receive required all the essential code datas of normal running.
Preferably, as shown by example in Figure 10, at each manufacturing step, the report that key injected system 10 described above can be used to distribute in Fig. 1 to 9, measurement and imploring key inject the stage.In this case, even all entities are all conspired distribution grey market product, because incomplete Log Report, the producer 12 also can detect this behavior, and if necessary, forbids the distribution of further encrypting key data.Should be appreciated that alternately system 10 can be used in the stage of any number, and need not be used at each or any stage.For example, second stage 102 utilisation systems 10 rather than any other stage.But, because preferably each fabrication stage will comprise the test process of certain form, be useful so system 10 is merged in this test.The producer 12 is expected data during second stage at least in this case.Should be appreciated that module 92 to be used and do not rely on system 10, and responsible each fabrication stage is to realize a part of encrypting key process.At any time of these situations, by separating responsibility, neither one entity self just has the necessary information of successfully supplying product or subassembly to grey market.
Mask 90 is illustrated in greater detail in Figure 11.As discussed above, Registering modules 92 can be integrated in any mask design, and mask 90 is programmed then realizing one group of instruction or code line etc., and mask 90 will be partly be inserted in the content of definition in module 92 in the path between a part of customer code 120 and another part customer code 122 (preferably to device operation key).124 data that enter module 92 are applied to cryptographic transformation 128 along the path, and 126 are output to part 122 along the path.Preferably, 124 places successfully are applied to the data input in the path to have only cryptographic transformation 128, and the output that appears at 126 places, path just can be available.Cryptographic transformation 128 is preferably worked to carry out its operation with memory 130, processor 132 and cryptographic key 134.Preferably use the key injected system 10 that exists in each fabrication stage, memory 130, processor 132 and cryptographic key 134 are configured.Memory 130 also comprises another cryptographic key 131, and cryptographic key 131 generally comprises preferably by using the injection of key injected system 10 shown in Figure 10, at the encrypting key material of each stage accumulation.Preferably, key 134 is used when injecting to guarantee that it is believable constituting material key 131, that accumulated at memory 130.Key 134 can be a public keys, can be required also and can not be required.For example, module 92 can be under the condition that does not have key 134, and emitting may be relevant with specific manufacturer 12 or the potential hazard of incoherent certain attack and working.
Generally speaking, module 92 used sensitive datas are divided into part, and various piece was added to key 131 in each stage of manufacture process.For example, a kind of technology is to inject in each in manufacture process to have the digital signature of message recovery in stage.Key 134 can be used to certifying digital signature, and in doing so, the digital signature that is verified produces the message that can be used to the key export plan, utilizes the data that exist in the memory 130 to derive cryptographic key 131.Another example is to utilize key to cover (key shadowing) technology, and wherein, many cryptographic keys 131 are added to memory 130 in each fabrication stage.When the last fabrication stage had finished, memory 130 comprised enough data, made the key masking technique can be used to reconstitute cryptographic key 131.
The example of first fabrication stage 100 is shown in Figure 12.As previously mentioned, the producer 12 preferably utilizes system 10 to come distribution of encrypted key data and monitor the report that generates when encrypting key takes place.Key in the silicon injects generally and takes place when wafer sort or when the packaging and testing of back.In this example, the stage 100 comprises server 18 and the key proxy 21 with testing equipment 20 operations.Stage 100 also comprises the production equipment 139 of for example producing silicon wafer.Production equipment 139 uses the mask 90 of distribution on passage 80 to produce by the manufactured device of part 1140.Subscript 1 in this example is used to represent the first of the sensitive data that is applied to device 22, wherein preferably, the key proxy 21 of use equipment 20, the first of sensitive data is injected into.Preferably here, device 1Also not exercisable fully, because conversion 128 does not also have all essential information of carrying out its operation.Device 1Can be used to be distributed to second fabrication stage 102 then.
Figure 13 provides the flow chart that the example manufacture process that comprises two different fabrication stages (being N=2) is shown.In step 500, the producer 12 determines the quantity in stage, thereby the quantity of definite encrypting key data division that will be injected into, in this example, and N=2.In step 502, the producer 12 preferably is based upon on passage 24,25 and 26 the key injected system 10 that is linked to self each fabrication stage.Discuss with reference to Fig. 1 as the front, the producer 12 can use single controller 16 to communicate by letter with a plurality of servers 18.In this example, the producer 12 will and receive log record from 18 distributions of two servers, supervision.
In step 504, the producer 12 merges to Registering modules 92 in its design, and this design is defined within the mask 90.In step 506, mask 90 is distributed to the stage 1 of first producer 100 with the realization manufacture process then, and in step 508, the stage 1 is performed.For example, first producer will produce wafer, create the chip that meets mask 90.In the wafer sort process, the producer can be programmed into certain part encrypting key material in the memory 130 then.In step 510, this part of sensitive data is inserted into, and in step 512, server 18 will preferably use the mechanism of summarizing previously to report to the producer.Alternately, the stage 1 can not handled the injection of any sensitive data, and this operation can be performed in stages 2 process separately then.
When first's encrypting key data were programmed in chip or the device, product only comprised part encrypting key information, also is not enough to proper operation.Pass through device 1Represent Figure 13, wherein, the aforesaid first of subscript 1 expression.In step 514, be distributed to the stage 2 then by the device 1 of part producing, part programming, to carry out in step 516.In step 518, producer 102 will inject the second portion key data then.For example, in step 518, second producer 102 can programme to extra encrypting key information, and the new key data from system 10 that perhaps can use the part key data that is stored in the memory 130 and be used in step 518 during step 510 is derived password encryption key information.This derives step can be based on Hash or key masking technique that may be more complicated.Preferably, in step 520, second producer 102 reports back the producer 12, shows that second key part is successfully injected.The producer 12 can have two log records that show that key data has successfully been inserted now, and can use this information to monitor its record.
In case second portion encrypting key data are inserted into, in this example, device 22 is just produced fully, and registration (for example tested and encapsulation IC) fully, and in Figure 13 by device 12Represent, wherein, the key data set that subscript 12 expressions are complete, i.e. data division 1 and data division 2.In step 522, device 12Proceed to distribution channel for distribution then, wherein in step 524, device 12Finally arrive client as effective product.
As illustrated in Figure 13, for example, if first producer 100 or its employee attempt by the alternative distribution channel for distribution in step 528, will be provided for client at the incomplete product of step 530, because device so at step 526 distribution grey market product 1Only comprise first's key data, thereby conversion 128 can not be carried out its operation.Therefore, though test, encapsulation etc. can be carried out in the grey market stage 2, other encrypting key data are not provided, thus product 530 made fully, but do not registered fully, it is incomplete causing it.Should be appreciated that module 92 preferably is implemented makes anti-tamper means be considered and realizes.
Referring now to Figure 14, show the illustrative example of the client's product 22a that is done that merges module 92a, wherein, module 92a is the logic performance of the physical layout of the module 92 shown in Figure 11.In Figure 14, for the sake of clarity, can provide suffix " a " to similar mark.Use the product 22a of the realization (for example 92a) of module 92 will be applied to the critical data path of the product between code 120a and the 122a as the cryptographic transformation 128a that implements piece 150 parts.By conversion 128a, this path is decoded, makes customer logic 122a correctly to work.In this example, be performed as the checking 132a of the realization of processor 132.Checking 132a uses One Time Programmable (OTP) memory 130a and is the identity part 134a of the realization of the key 134 of Figure 11.Use the process of for example being summarized in Figure 13, key 134a and memory 130a and sensitive data are injected into together.Should be appreciated that a realization of the logic that is provided by module 92 (for example module 92a) just is provided product 22a, and the example shown in Figure 14 just for illustrative purposes.
Though be described with reference to some certain embodiments above, for a person skilled in the art, its various changes are clearly.

Claims (63)

1. one kind is used to control the method for sensitive data to the insertion of device, and described method comprises:
Server is configured to communicate to connect to the controller of being responsible for the described sensitive data of distribution and the responsible equipment that described sensitive data is injected into described device, described server is remotely placed with respect to described controller, and described server comprises the security module that is used to carry out Password Operations;
Described server receives from described controller and comprises transfer of data described sensitive data, cryptoguard;
Described server provides described transfer of data to described security module;
Described security module is extracted described sensitive data from described transfer of data;
The credit value that described server stores is provided by described controller, described credit value indication is in the insertion of a plurality of sensitive datas of permission before the how described sensitive data of described controller request;
Described server receives the request that described sensitive data is injected one or more described devices from described equipment;
Described server is with reference to described credit value, and is provided for injecting the described sensitive data of the some of described one or more devices to described equipment according to described credit value;
If described quantity is less than described credit value, then described server upgrades described credit value according to described quantity;
Described server receives with the sensitive data of described quantity and reports to the relevant device log of the insertion of corresponding device; And
Described server sends described device log report to described controller.
2. method according to claim 1 also comprises: described security module is prepared the server log report relevant with obtain described sensitive data from described controller; And described server sends described server log report to described controller.
3. method according to claim 2, wherein, described extraction comprises: described security module is decrypted with the acquisition key the head that comprises in the described transfer of data, and uses described key to come described transmission is decrypted and therefrom extracts described sensitive data.
4. method according to claim 1 also comprises: receiving the preparation process of carrying out before the described sensitive data from described controller, described preparation process is used for described server of initialization and described security module.
5. method according to claim 1 comprises a plurality of servers, and wherein, described transfer of data is sent to described a plurality of server.
6. method according to claim 1 also comprises: described server receives the credit indication of indication to the renewal of described credit value from described controller.
7. method according to claim 1 also comprises: described server receives the object that is used to realize the available data injecting scheme, the described data of described existing scheme modifying from described controller; Described object is signed, and the object of signature is provided for described security module; Described security module is stored the object of described signature, verifies the object of described signature, if the object of described signature is verified, then revises described sensitive data according to described existing scheme; And described server sends the data revised to be injected in described one or more device to described equipment.
8. method according to claim 2, wherein, described transfer of data comprises polytype sensitive data, described method also comprises: the permission that described security module is set up according to described controller obtains some type in the described type.
9. method according to claim 8, wherein, described server log report comprises described security module provides the indication of which type in the described type to described equipment.
10. method according to claim 1 also comprises: described server receives configuration messages from described controller, and described configuration messages is used for revising the setting of described security module.
11. method according to claim 2 wherein, in response to the poll of being initiated by one of described server and described controller, offers described controller with described device log report and server Log Report.
12. method according to claim 2, wherein, described device log report and server Log Report are provided for described controller to obtain other sensitive data, wherein, if described Log Report is favourable and requires other sensitive data, then receives further transfer of data; If described Log Report is disadvantageous, then described server receives the indication of forbidding further extracting described data from any previous transmission from described controller.
13. method according to claim 1, wherein, described sensitive data is a plurality of keys, and described transfer of data comprises some described keys of being encrypted by the security module of described controller; And the described data of described extraction comprise: indicated according to the indication that provides by described controller in advance, and to one or more being decrypted in the described key.
14. method according to claim 13, wherein, described security module is decrypted and each key is encrypted respectively again it after receiving described key block; Wherein, after making request by described equipment, some key in the described key is decrypted to be used by described equipment.
15. method according to claim 1, wherein, described security module comprises the forward direction and back symmetric key of communicating by letter that is used between described server and described controller on communication port.
16. one kind is used to control the server system of sensitive data to the insertion of device, described system comprises:
Server communicates to connect to the controller of being responsible for the described sensitive data of distribution and the equipment of being responsible for described sensitive data is injected into described device, and described server is remotely placed with respect to described controller, and described server comprises:
Comprise transfer of data described sensitive data, cryptoguard from described controller reception;
Provide described transfer of data to described security module;
Described security module is extracted described sensitive data from described transfer of data;
The credit value that storage is provided by described controller, described credit value indication is in the insertion of a plurality of sensitive datas of permission before the how described sensitive data of described controller request;
Receive the request that described sensitive data is injected one or more described devices from described equipment;
With reference to described credit value, and be provided for injecting the described sensitive data of the some of described one or more devices to described equipment according to described credit value;
If described quantity less than described credit value, is then upgraded described credit value according to described quantity;
Receive with the sensitive data of described quantity and report to the relevant device log of the insertion of corresponding device; And
Send described device log report to described controller.
17. system according to claim 16, wherein, described second security module is configured to prepare the server log report relevant with obtain described sensitive data from described controller, and provides described server log report to described controller.
18. system according to claim 16, wherein, the head of described transfer of data uses encryption key that the data key is encrypted; Described security module comprises and is used for decruption key that described data key is decrypted; And described security module is configured to use described data key that described transmission is decrypted therefrom to extract described sensitive data.
19. system according to claim 17, wherein, described server also comprises: data storage device is used for the described transfer of data of storage before extracting described sensitive data from described transfer of data.
20. system according to claim 16, wherein, described server also is configured to: participated in the preparation process before receiving described transfer of data, described preparation process is used for described server of initialization and described security module.
21. system according to claim 16 comprises a plurality of servers, wherein, described transfer of data is sent to described a plurality of server.
22. system according to claim 16 also is configured to: receive the credit indication of indication to the renewal of described credit value from described controller.
23. system according to claim 19 also is configured to: receive the object that is used to realize the available data injecting scheme, the described data of described existing scheme modifying from described controller; Described object is signed, and the object of signature is provided for described security module; Wherein, described security module is configured to store the object of described signature, verify the object of described signature, if the object of described signature is verified, then revise described sensitive data, and send the data revised to be injected in described one or more device to described equipment according to described existing scheme.
24. system according to claim 17, wherein, described transfer of data comprises polytype sensitive data, and the permission that described security module is set up according to described controller obtains some type in the described type.
25. system according to claim 24, wherein, described server log report comprises described security module provides the indication of which type in the described type to described equipment.
26. system according to claim 16 also is configured to: receive configuration messages from described controller, described configuration messages is used for revising the setting of described security module.
27. system according to claim 17 wherein, in response to the poll of being initiated by one of described server and described controller, offers described controller with described device log report and server Log Report.
28. system according to claim 17, wherein, described device log report and server Log Report are provided for described controller to obtain other sensitive data, wherein, if described Log Report is favourable and requires other sensitive data, then receives further transfer of data; If described Log Report is disadvantageous, then described server receives the indication of forbidding further extracting described data from any previous transmission from described controller.
29. system according to claim 16, wherein, described sensitive data is a plurality of keys, and described transfer of data comprises some described keys of being encrypted by the security module of described controller; And the described data of described extraction comprise: indicated according to the indication that provides by described controller in advance, and to one or more being decrypted in the described key.
30. system according to claim 29, wherein, described security module is decrypted and each key is encrypted respectively again it after receiving described key block; Wherein, after making request by described equipment, some key in the described key is decrypted to be used by described equipment.
31. system according to claim 16, wherein, described security module comprises the forward direction and back symmetric key of communicating by letter that is used between described server and described controller on communication port.
32. one kind is used to control the method for sensitive data to the insertion of device, described method comprises:
Controller is configured to communicate to connect to server, described server is remotely placed with respect to described controller, and be configured to communicate to connect to the equipment of being responsible for described sensitive data is injected into described device, described controller is configured to distribute described sensitive data to described server, so that described server can provide described sensitive data to described equipment, described controller comprises the security module that is used to carry out Password Operations;
Described controller uses described security module to come described sensitive data is carried out cryptoguard;
Described controller sends to described server and comprises transfer of data described sensitive data, cryptoguard, so that described server can therefrom extract described sensitive data;
Described controller provides credit value to described server, described credit value indication is in the insertion of a plurality of sensitive datas of permission before the how described sensitive data of described controller request, so that described server can upgrade described credit value according to the quantity of the described sensitive data that provides to described equipment;
Described controller is from the daily record of described server receiving equipment, described device log and described equipment by request after described server obtains the sensitive data of described quantity described equipment that the described sensitive data of described quantity is inserted into corresponding device is relevant, described device log is that described server obtains from described equipment.
33. method according to claim 32 also comprises: receive request from described server, and provide described other sensitive data and new credit value to described server at other sensitive data.
34. method according to claim 32 also comprises: the reception server Log Report, described server log report is prepared by described server, and indication is from the reception of described controller to described sensitive data.
35. method according to claim 32, wherein, described security module is encrypted with the protection key the head that comprises in the described transfer of data, and described key makes described server to be decrypted and therefrom to extract described sensitive data to described transmission.
36. method according to claim 32 also comprises: initiate sending the preparation process of carrying out before the described sensitive data to described server, described preparation process is used for described server of initialization and described security module.
37. method according to claim 32 comprises: send described transfer of data to a plurality of servers.
38. method according to claim 32 also comprises: described controller sends the credit indication of indication to the renewal of described credit value to described server.
39. method according to claim 32 also comprises: described controller sends the object that is used to realize the available data injecting scheme, the described data of described existing scheme modifying to described server; Described object is signed with the security module that offers described server to store the object of described signature, verifies the object of described signature, if the object of described signature is verified, then revises described sensitive data according to described existing scheme.
40. method according to claim 34, wherein, described transfer of data comprises polytype sensitive data, and described method also comprises: the permission that described security module is set up according to described controller sends some type in the described type.
41. according to the described method of claim 40, wherein, described server log report comprises described security module provides the indication of which type in the described type to described equipment.
42. method according to claim 32 also comprises: described controller sends configuration messages to described server, and described configuration messages is used for revising the setting of the security module at described server place.
43. method according to claim 34, described device log report and server Log Report are that described controller receives in response to the poll of being initiated by one of described server and described controller.
44. method according to claim 34, wherein, described device log report and server Log Report are received to obtain other sensitive data by described controller, wherein, if described Log Report is favourable and requires other sensitive data, then sends further transfer of data to described server; If described Log Report is disadvantageous, then described controller sends the indication of forbidding further extracting described data from any previous transmission to described server.
45. method according to claim 32, wherein, described sensitive data comprises a plurality of keys, described transfer of data comprises some described keys of being encrypted by described security module, so that described server can be indicated according to the indication that is provided by described controller in advance, to one or more being decrypted in the described key.
46. according to the described method of claim 45, wherein, described security module is encrypted more described keys, so that described server can be encrypted respectively again to each key; Wherein, after making request by described equipment, some key in the described key is decrypted to be used by described equipment.
47. method according to claim 32, wherein, described security module comprises the forward direction and back symmetric key of communicating by letter that is used between described server and described controller on communication port.
48. one kind is used to control the system of sensitive data to the insertion of device, described system comprises:
Controller equiment, communicate to connect to server, described server is remotely placed with respect to described controller equiment, and be configured to communicate to connect to the equipment of being responsible for described sensitive data is injected into described device, described controller equiment is configured to distribute described sensitive data to described server, so that described server can provide described sensitive data to described equipment, described controller equiment comprises the security module that is used to carry out Password Operations;
Described controller equiment is configured to:
Use described security module to come described sensitive data is carried out cryptoguard;
Described server comprises transfer of data described sensitive data, cryptoguard to described server transmission, so that can therefrom extract described sensitive data;
Provide credit value to described server, described credit value indication is in the insertion of a plurality of sensitive datas of permission before the how described sensitive data of described controller equiment request, so that described server can upgrade described credit value according to the quantity of the described sensitive data that provides to described equipment; And
From the daily record of described server receiving equipment, described device log with by request after described server obtains the sensitive data of described quantity described equipment that the described sensitive data of described quantity is inserted into corresponding device is relevant, described device log is that described server obtains from described equipment.
49. according to the described system of claim 48, wherein, described controller equiment also is configured to: receive request from described server, and provide described other sensitive data and new credit value to described server at other sensitive data.
50. according to the described system of claim 48, wherein, described controller equiment also is configured to: the reception server Log Report, described server log report is prepared by described server, and indication is from the reception of described controller to described sensitive data.
51. according to the described system of claim 48, wherein, described security module is encrypted with the protection key the head that comprises in the described transfer of data, described key makes described server to be decrypted and therefrom to extract described sensitive data to described transmission.
52. according to the described system of claim 48, wherein, described controller equiment also is configured to: initiate sending the preparation process of carrying out before the described sensitive data to described server, described preparation process is used for described server of initialization and described security module.
53. according to the described system of claim 48, wherein, described controller equiment also is configured to: send described transfer of data to a plurality of servers.
54. according to the described system of claim 48, wherein, described controller equiment also is configured to: send the credit indication of indication to the renewal of described credit value to described server.
55. according to the described system of claim 48, wherein, described controller equiment also is configured to: send the object that is used to realize the available data injecting scheme, the described data of described existing scheme modifying to described server; Described object is signed with the security module that offers described server to store the object of described signature, verifies the object of described signature, if the object of described signature is verified, then revises described sensitive data according to described existing scheme.
56. according to the described system of claim 50, wherein, described transfer of data comprises polytype sensitive data, wherein, described controller equiment also is configured to: the permission of setting up according to described controller system sends some type in the described type.
57. according to the described system of claim 56, wherein, described server log report comprises described security module provides the indication of which type in the described type to described equipment.
58. according to the described system of claim 48, wherein, described controller equiment also is configured to: send configuration messages to described server, described configuration messages is used for revising the setting of the security module at described server place.
59. according to the described system of claim 50, wherein, described device log report and server Log Report are that described controller equiment receives in response to the poll of being initiated by one of described server and described controller.
60. according to the described system of claim 50, wherein, described device log report and server Log Report are received to obtain other sensitive data by described controller, wherein, if described Log Report is favourable and requires other sensitive data, then sends further transfer of data to described server; If described Log Report is disadvantageous, then described controller sends the indication of forbidding further extracting described data from any previous transmission to described server.
61. according to the described system of claim 48, wherein, described sensitive data comprises a plurality of keys, described transfer of data comprises some described keys of being encrypted by described security module, so that described server can be indicated according to the indication that is provided by described controller equiment in advance, to one or more being decrypted in the described key.
62. according to the described system of claim 61, wherein, described security module is encrypted more described keys, so that described server can be encrypted respectively again to each key; Wherein, after making request by described equipment, some key in the described key is decrypted to be used by described equipment.
63. according to the described system of claim 48, wherein, described security module comprises the forward direction and back symmetric key of communicating by letter that is used between described server and described controller on communication port.
CN2010106218685A 2005-06-14 2006-06-12 System and method for remote device registration Active CN102013977B (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US69015505P 2005-06-14 2005-06-14
US60/690,155 2005-06-14
CA2,510,366 2005-06-21
CA2510366A CA2510366C (en) 2005-06-14 2005-06-21 System and method for remote device registration
US77726206P 2006-02-28 2006-02-28
US60/777,262 2006-02-28
CA2,538,087 2006-02-28
CA2538087A CA2538087C (en) 2005-06-14 2006-02-28 System and method for remote device registration

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN200680025923.6A Division CN101223728B (en) 2005-06-14 2006-06-12 System and method for remote device registration

Publications (2)

Publication Number Publication Date
CN102013977A true CN102013977A (en) 2011-04-13
CN102013977B CN102013977B (en) 2013-01-23

Family

ID=43844008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010106218685A Active CN102013977B (en) 2005-06-14 2006-06-12 System and method for remote device registration

Country Status (1)

Country Link
CN (1) CN102013977B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411769A (en) * 2015-09-30 2021-09-17 康明斯有限公司 System, method and apparatus for secure telematics communication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004252493A (en) * 2000-12-26 2004-09-09 Ccp:Kk Computer readable information storage medium storing content data and content accounting system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411769A (en) * 2015-09-30 2021-09-17 康明斯有限公司 System, method and apparatus for secure telematics communication
CN113411769B (en) * 2015-09-30 2023-11-24 康明斯有限公司 Systems, methods, and apparatus for secure telematics communications

Also Published As

Publication number Publication date
CN102013977B (en) 2013-01-23

Similar Documents

Publication Publication Date Title
CN101223728B (en) System and method for remote device registration
CA2642363C (en) System and method for product registration
US10496811B2 (en) Counterfeit prevention
CN108475319A (en) Device birth voucher
CN113495920A (en) Content auditing system, method and device based on block chain and storage medium
CN113254947A (en) Vehicle data protection method, system, equipment and storage medium
CA2611818C (en) System and method for remote device registration
CN102013977B (en) System and method for remote device registration
JP4989806B2 (en) System and method for remote device registration
KR101336529B1 (en) System and method for remote device registration
JP2012113323A (en) System and method for remote device registration
CN117034306A (en) Data streaming method, device, computer equipment and computer readable storage medium
CN115865495A (en) Data transmission control method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1155587

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1155587

Country of ref document: HK

TR01 Transfer of patent right

Effective date of registration: 20191025

Address after: Voight, Ontario, Canada

Patentee after: Blackberry Ltd.

Address before: Rika Univ.

Patentee before: Seldikam Company

TR01 Transfer of patent right