CN106031082B - 使用公钥和会话密钥的认证 - Google Patents

使用公钥和会话密钥的认证 Download PDF

Info

Publication number
CN106031082B
CN106031082B CN201580009686.3A CN201580009686A CN106031082B CN 106031082 B CN106031082 B CN 106031082B CN 201580009686 A CN201580009686 A CN 201580009686A CN 106031082 B CN106031082 B CN 106031082B
Authority
CN
China
Prior art keywords
key
public key
combination
session key
representative
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201580009686.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN106031082A (zh
Inventor
J·J·摩尔
S·E·麦克尼尔
S·M·特里姆伯格
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xilinx Inc
Original Assignee
Xilinx Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xilinx Inc filed Critical Xilinx Inc
Publication of CN106031082A publication Critical patent/CN106031082A/zh
Application granted granted Critical
Publication of CN106031082B publication Critical patent/CN106031082B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
CN201580009686.3A 2014-02-20 2015-02-18 使用公钥和会话密钥的认证 Active CN106031082B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/185,780 US9270469B2 (en) 2014-02-20 2014-02-20 Authentication using public keys and session keys
US14/185,780 2014-02-20
PCT/US2015/016417 WO2015126967A1 (en) 2014-02-20 2015-02-18 Authentication using public keys and session keys

Publications (2)

Publication Number Publication Date
CN106031082A CN106031082A (zh) 2016-10-12
CN106031082B true CN106031082B (zh) 2019-08-27

Family

ID=52633630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580009686.3A Active CN106031082B (zh) 2014-02-20 2015-02-18 使用公钥和会话密钥的认证

Country Status (6)

Country Link
US (1) US9270469B2 (enExample)
EP (1) EP3108609B1 (enExample)
JP (1) JP6510546B2 (enExample)
KR (1) KR102345177B1 (enExample)
CN (1) CN106031082B (enExample)
WO (1) WO2015126967A1 (enExample)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9659191B2 (en) * 2014-04-09 2017-05-23 Seagate Technology Llc Encryption key storage and modification in a data storage device
US10541817B2 (en) * 2016-03-14 2020-01-21 Ricoh Company, Ltd. Data generation apparatus, data recording system, and program product
CN107451432A (zh) * 2016-05-30 2017-12-08 深圳市中兴微电子技术有限公司 一种启动程序检查方法和装置
US10091904B2 (en) * 2016-07-22 2018-10-02 Intel Corporation Storage sled for data center
US10268844B2 (en) * 2016-08-08 2019-04-23 Data I/O Corporation Embedding foundational root of trust using security algorithms
TWI648741B (zh) * 2017-06-05 2019-01-21 慧榮科技股份有限公司 資料儲存裝置之控制器以及進階資料抹除的方法
US10541820B2 (en) * 2017-08-17 2020-01-21 Global Bonsai LLC Distributed digital ledger
US11558178B2 (en) * 2018-01-31 2023-01-17 Walmart Apollo, Llc System and method for prescription security and authentication
KR102192477B1 (ko) * 2018-07-16 2020-12-18 (주)이더블유비엠 Fido 기반 인증 대용의 암묵인증방법, 시스템 및 프로그램
US11232219B1 (en) 2019-01-31 2022-01-25 Xilinx, Inc. Protection of electronic designs
KR20220126733A (ko) * 2019-11-20 2022-09-16 (주)이더블유비엠 Fido 기반 암묵인증방법, 시스템 및 프로그램
US11582021B1 (en) 2019-11-20 2023-02-14 Xilinx, Inc. Protection against differential power analysis attacks involving initialization vectors
US11280829B1 (en) 2019-12-19 2022-03-22 Xlnx, Inc. System-on-chip having secure debug mode
EP3929784A1 (de) * 2020-06-23 2021-12-29 Siemens Aktiengesellschaft Booteinrichtung für ein computerelement und verfahren zum booten eines computerelements
US11893118B2 (en) * 2021-05-25 2024-02-06 Microsoft Technology Licensing, Llc Transfer of ownership of a computing device via a security processor
US12417191B2 (en) 2022-11-15 2025-09-16 Honeywell International Inc. Integrated key revocation with a field loading process and/or related safety checks related to an asset system
US20250045420A1 (en) * 2023-07-31 2025-02-06 Qualcomm Incorporated Apparatus and methods for binding a system on chip and a memory device with a key

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2355819A (en) * 1999-10-26 2001-05-02 Marconi Comm Ltd Authentication of data and software
JP2006163164A (ja) * 2004-12-09 2006-06-22 Hitachi Ltd Idベース署名及び暗号化システムおよび方法
WO2012056094A1 (en) * 2010-10-29 2012-05-03 Nokia Corporation Software authentication
CN102761420A (zh) * 2012-08-08 2012-10-31 飞天诚信科技股份有限公司 一种安全认证方法

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7917760B2 (en) * 1997-02-21 2011-03-29 Multos Limited Tamper resistant module having separate control of issuance and content delivery
US6816596B1 (en) * 2000-01-14 2004-11-09 Microsoft Corporation Encrypting a digital object based on a key ID selected therefor
US6760752B1 (en) * 1999-06-28 2004-07-06 Zix Corporation Secure transmission system
US6851049B1 (en) * 2000-10-02 2005-02-01 Pgp Corporation Method and apparatus for facilitating secure anonymous email recipients
EP1414183B1 (en) * 2001-08-01 2012-11-14 Panasonic Corporation Encrypted data delivery system
JP2003348079A (ja) * 2002-05-27 2003-12-05 Konica Minolta Holdings Inc 画像形成装置
US7440571B2 (en) 2002-12-03 2008-10-21 Nagravision S.A. Method for securing software updates
US20050235145A1 (en) * 2002-12-05 2005-10-20 Canon Kabushiki Kaisha Secure file format
JP2004304304A (ja) * 2003-03-28 2004-10-28 Fujitsu Ltd 電子署名生成方法,電子署名検証方法,電子署名生成依頼プログラム,及び電子署名検証依頼プログラム
EP1536606A1 (fr) * 2003-11-27 2005-06-01 Nagracard S.A. Méthode d'authentification d'applications
US7987365B2 (en) * 2006-03-24 2011-07-26 Microsoft Corporation Subscription-based computing implemented in hardware of computing device
US20070269040A1 (en) * 2006-05-16 2007-11-22 Microsoft Corporation Cryptographic Protocol for Commonly Controlled Devices
US7987358B1 (en) * 2006-06-09 2011-07-26 Xilinx, Inc. Methods of authenticating a user design in a programmable integrated circuit
US8863230B1 (en) * 2006-06-09 2014-10-14 Xilinx, Inc. Methods of authenticating a programmable integrated circuit in combination with a non-volatile memory device
US8166304B2 (en) * 2007-10-02 2012-04-24 International Business Machines Corporation Support for multiple security policies on a unified authentication architecture
JP2009217722A (ja) * 2008-03-12 2009-09-24 Nippon Telegr & Teleph Corp <Ntt> 認証処理システム、認証装置、管理装置、認証処理方法、認証処理プログラムおよび管理処理プログラム
JP5382766B2 (ja) * 2008-09-26 2014-01-08 日本電気通信システム株式会社 電子メール検証システム、送信端末、受信端末、電子メール処理端末、電子メール検証、送信および受信方法
JP5335072B2 (ja) * 2009-04-06 2013-11-06 パナソニック株式会社 鍵実装システム
US8242831B2 (en) * 2009-12-31 2012-08-14 Intel Corporation Tamper resistant fuse design
US9219604B2 (en) * 2011-05-09 2015-12-22 Cleversafe, Inc. Generating an encrypted message for storage
US8639928B2 (en) * 2011-12-05 2014-01-28 Certicom Corp. System and method for mounting encrypted data based on availability of a key on a network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2355819A (en) * 1999-10-26 2001-05-02 Marconi Comm Ltd Authentication of data and software
JP2006163164A (ja) * 2004-12-09 2006-06-22 Hitachi Ltd Idベース署名及び暗号化システムおよび方法
WO2012056094A1 (en) * 2010-10-29 2012-05-03 Nokia Corporation Software authentication
CN102761420A (zh) * 2012-08-08 2012-10-31 飞天诚信科技股份有限公司 一种安全认证方法

Also Published As

Publication number Publication date
EP3108609A1 (en) 2016-12-28
JP2017506850A (ja) 2017-03-09
JP6510546B2 (ja) 2019-05-08
US9270469B2 (en) 2016-02-23
WO2015126967A1 (en) 2015-08-27
US20150236856A1 (en) 2015-08-20
CN106031082A (zh) 2016-10-12
KR102345177B1 (ko) 2021-12-30
KR20160123336A (ko) 2016-10-25
EP3108609B1 (en) 2020-06-24

Similar Documents

Publication Publication Date Title
CN106031082B (zh) 使用公钥和会话密钥的认证
US9230112B1 (en) Secured booting of a field programmable system-on-chip including authentication of a first stage boot loader to mitigate against differential power analysis
US9830456B2 (en) Trust transference from a trusted processor to an untrusted processor
US9887844B2 (en) Method for safeguarding a system-on-a-chip
US9165143B1 (en) Image file generation and loading
US9870488B1 (en) Method and apparatus for securing programming data of a programmable device
US9239925B2 (en) Processor security
JP6371919B2 (ja) セキュアなソフトウェアの認証と検証
EP2989741B1 (en) Generation of working security key based on security parameters
CN106415585A (zh) 安全启动期间的密钥提取
CN104838387B (zh) 芯片验证
TWI763379B (zh) 安全積體電路晶片裝置及其保護其方法
US9218505B1 (en) Programmable integrated circuit with DPA-resistant decryption
Trimberger et al. FPGA security: From features to capabilities to trusted systems
CN117813795A (zh) 设备身份密钥
US8983073B1 (en) Method and apparatus for restricting the use of integrated circuits
CN105138870A (zh) 一种芯片合法性鉴别方法及装置
US8966253B1 (en) Method and apparatus for authenticating a programmable device bitstream
US10067770B2 (en) Platform key hierarchy
CN112437924B (zh) 用于可编程逻辑器件的安全引导系统和方法
US11977666B2 (en) Flexible cryptographic device
US11582021B1 (en) Protection against differential power analysis attacks involving initialization vectors
US20250323802A1 (en) Systems and Methods for Bitstream Authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant