JP7463365B2 - シール及び検証によるデバイス認証 - Google Patents
シール及び検証によるデバイス認証 Download PDFInfo
- Publication number
- JP7463365B2 JP7463365B2 JP2021527944A JP2021527944A JP7463365B2 JP 7463365 B2 JP7463365 B2 JP 7463365B2 JP 2021527944 A JP2021527944 A JP 2021527944A JP 2021527944 A JP2021527944 A JP 2021527944A JP 7463365 B2 JP7463365 B2 JP 7463365B2
- Authority
- JP
- Japan
- Prior art keywords
- rot
- information
- production
- key
- soc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims description 12
- 238000004519 manufacturing process Methods 0.000 claims description 61
- 238000000034 method Methods 0.000 claims description 33
- 238000004891 communication Methods 0.000 claims description 19
- 230000005540 biological transmission Effects 0.000 description 10
- 238000007789 sealing Methods 0.000 description 7
- 238000010200 validation analysis Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 241000272186 Falco columbarius Species 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 238000010367 cloning Methods 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000013481 data capture Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003116 impacting effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Description
Claims (14)
- システム(10)によるデバイス(1)のプログラミング及び認証の方法であって、
デバイスの生産(101)中に、デバイス(1)のデバイス情報を、前記デバイス(1)の信頼の基点(RoT)(2)によって管理されたメモリ(4)内に受信し、
前記デバイス(1)を前記システム(10)にブートストラップし、
前記RoT(2)に関する情報と、前記システム(10)の暗号プロトコルにより前記RoT(2)を認証するための情報とを提供し、その結果、前記認証されたRoT(2)と前記システム(10)に知られている前記デバイス情報との間のバインディングが生じ、前記デバイス(1)の前記デバイス生産(101)を検証するため、前記バインディングが前記システム(10)によって検証されることを特徴とする方法。 - 前記デバイス(1)が1つ又は複数のシステムオンチップ(SoC)(3)を有し、前記RoT(2)が各SoC(3)に対するデバイス情報のプログラミングを管理することを特徴とする請求項1に記載の方法。
- 前記RoT(2)が前記デバイス(1)の前記SoC(3)のいずれにも埋め込まれていないことを特徴とする請求項2に記載の方法。
- 前記RoT(2)と前記デバイス(1)とを暗号的にバインドするのに使用するために、デバイス生産中(101)に前記デバイス(1)の各SoC(3)との専用バインディング鍵に、前記RoT(2)が合意することを特徴とする請求項3に記載の方法。
- 前記デバイス(1)と前記RoT(2)との間の通信を暗号化するためにデバイス鍵が使用されることを特徴とする請求項4に記載の方法。
- 前記RoT(2)が前記システム(10)に1回だけブートストラップするように構成されることを特徴とする請求項1から5のいずれか1項に記載の方法。
- 更に、セキュリティ所有者(11)に、前記RoT(2)の前記デバイス生産(101)に関する情報を報告することを特徴とする請求項1から6のいずれか1項に記載の方法。
- 前記デバイス(1)の前記デバイス生産(101)の検証が、前記ブートストラップされたRoT(2)がデバイス生産中(101)に報告されたかどうかの検証を含む請求項7に記載の方法。
- 前記デバイス(1)の前記システム(10)へのブートストラップ中に前記検証が強制されることを特徴とする請求項7又は8に記載の方法。
- 前記ブートストラップされた情報及びデバイス生産(101)に関する前記報告された情報が前記RoT(2)の前記セキュリティ所有者(11)に報告されることを特徴とする請求項7から9のいずれか1項に記載の方法。
- 前記RoT(2)に関する前記情報が前記RoT(2)の公開idから成ることを特徴とする請求項1から10のいずれか1項に記載の方法。
- プロセッサを備えるデバイス(1)であって、前記プロセッサが請求項1から11のいずれか1項に記載された方法のステップを実行するように構成されていることを特徴とするデバイス。
- 集積回路を備えるデバイス(1)であって、前記集積回路が請求項1から11のいずれか1項に記載された方法のステップを実行するように構成されていることを特徴とするデバイス。
- コンピュータ読み取り可能な非一時的な記憶媒体(1)であって、プロセッサによって実行されると前記プロセッサが請求項1から11のいずれか1項に記載された方法のステップを実行するコンピュータ実行可能な命令を含むことを特徴とする記憶媒体。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2024047633A JP2024071510A (ja) | 2018-11-23 | 2024-03-25 | シール及び検証によるデバイス認証 |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18208070.5 | 2018-11-23 | ||
EP18208070 | 2018-11-23 | ||
PCT/EP2019/082308 WO2020104685A1 (en) | 2018-11-23 | 2019-11-22 | Device authentication with sealing and verification |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2024047633A Division JP2024071510A (ja) | 2018-11-23 | 2024-03-25 | シール及び検証によるデバイス認証 |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2022507826A JP2022507826A (ja) | 2022-01-18 |
JPWO2020104685A5 JPWO2020104685A5 (ja) | 2022-10-12 |
JP7463365B2 true JP7463365B2 (ja) | 2024-04-08 |
Family
ID=64476941
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2021527944A Active JP7463365B2 (ja) | 2018-11-23 | 2019-11-22 | シール及び検証によるデバイス認証 |
JP2024047633A Pending JP2024071510A (ja) | 2018-11-23 | 2024-03-25 | シール及び検証によるデバイス認証 |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2024047633A Pending JP2024071510A (ja) | 2018-11-23 | 2024-03-25 | シール及び検証によるデバイス認証 |
Country Status (7)
Country | Link |
---|---|
US (1) | US20220006808A1 (ja) |
EP (1) | EP3884637A1 (ja) |
JP (2) | JP7463365B2 (ja) |
KR (1) | KR20210092218A (ja) |
CN (2) | CN113261255B (ja) |
SG (1) | SG11202105307SA (ja) |
WO (1) | WO2020104685A1 (ja) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20220061956A (ko) * | 2019-09-18 | 2022-05-13 | 엘지전자 주식회사 | 차량용 인포테인먼트 장치 및 그의 동작 방법 |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170048070A1 (en) | 2015-08-10 | 2017-02-16 | Data I/O Corporation | Device birth certificate |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106537407B (zh) * | 2014-04-15 | 2022-03-04 | 麦利尔亚洲新加坡私人有限公司 | 可信根 |
US20160134621A1 (en) * | 2014-11-12 | 2016-05-12 | Qualcomm Incorporated | Certificate provisioning for authentication to a network |
CN107924437A (zh) * | 2015-06-17 | 2018-04-17 | 瑞典爱立信有限公司 | 用于使得能够实现凭证的安全供应的方法以及相关无线装置和服务器 |
US9902368B2 (en) * | 2016-06-03 | 2018-02-27 | Volkswagen Aktiengesellschaft | Apparatus, system and method for vehicle access and function control utilizing a portable device |
EP3293980A1 (en) * | 2016-09-09 | 2018-03-14 | Nagravision S.A. | A method to create a secure channel between a host device and an external device |
US10740466B1 (en) * | 2016-09-29 | 2020-08-11 | Amazon Technologies, Inc. | Securing interfaces of a compute node |
CN106815494B (zh) * | 2016-12-28 | 2020-02-07 | 中软信息系统工程有限公司 | 一种基于cpu时空隔离机制实现应用程序安全认证的方法 |
WO2022106885A1 (en) * | 2020-11-18 | 2022-05-27 | Myomega Systems Gmbh | Industrial control system |
-
2019
- 2019-11-22 SG SG11202105307SA patent/SG11202105307SA/en unknown
- 2019-11-22 EP EP19808589.6A patent/EP3884637A1/en active Pending
- 2019-11-22 WO PCT/EP2019/082308 patent/WO2020104685A1/en unknown
- 2019-11-22 CN CN201980076782.8A patent/CN113261255B/zh active Active
- 2019-11-22 JP JP2021527944A patent/JP7463365B2/ja active Active
- 2019-11-22 KR KR1020217015587A patent/KR20210092218A/ko not_active Application Discontinuation
- 2019-11-22 US US17/295,472 patent/US20220006808A1/en active Pending
- 2019-11-22 CN CN202310454354.2A patent/CN116340925A/zh active Pending
-
2024
- 2024-03-25 JP JP2024047633A patent/JP2024071510A/ja active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170048070A1 (en) | 2015-08-10 | 2017-02-16 | Data I/O Corporation | Device birth certificate |
Also Published As
Publication number | Publication date |
---|---|
EP3884637A1 (en) | 2021-09-29 |
KR20210092218A (ko) | 2021-07-23 |
WO2020104685A1 (en) | 2020-05-28 |
JP2024071510A (ja) | 2024-05-24 |
CN113261255B (zh) | 2023-05-23 |
JP2022507826A (ja) | 2022-01-18 |
CN113261255A (zh) | 2021-08-13 |
CN116340925A (zh) | 2023-06-27 |
US20220006808A1 (en) | 2022-01-06 |
SG11202105307SA (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10382485B2 (en) | Blockchain-assisted public key infrastructure for internet of things applications | |
US10958664B2 (en) | Method of performing integrity verification between client and server and encryption security protocol-based communication method of supporting integrity verification between client and server | |
WO2018050081A1 (zh) | 设备身份认证的方法、装置、电子设备及存储介质 | |
Sathyadevan et al. | Protean authentication scheme–a time-bound dynamic keygen authentication technique for iot edge nodes in outdoor deployments | |
JP7277270B2 (ja) | 埋め込まれたルートオブトラストシークレットで生成される集積回路の個人化 | |
US20220109667A1 (en) | Cryptographic trust enabled devices of cybersecurity systems | |
JP2024071510A (ja) | シール及び検証によるデバイス認証 | |
CN105282179A (zh) | 一种基于cpk的家庭物联网安全控制的方法 | |
Li et al. | A secure sign-on protocol for smart homes over named data networking | |
CN114765534B (zh) | 基于国密标识密码算法的私钥分发系统和方法 | |
US20230274035A1 (en) | Securing data stored in a memory of an iot device during a low power mode | |
JP6408536B2 (ja) | 通信システム、通信装置、サーバ装置、通信方法、及びコンピュータプログラム | |
CN1848722B (zh) | 建立可信虚拟专用网连接的方法和系统 | |
Zhou et al. | Trusted channels with password-based authentication and TPM-based attestation | |
EP3340530B1 (en) | Transport layer security (tls) based method to generate and use a unique persistent node identity, and corresponding client and server | |
CN112733129A (zh) | 一种服务器带外管理的可信接入方法 | |
KR20240045162A (ko) | 임베디드 장치들의 안전한 신뢰 루트 등록 및 신원 관리 | |
Fan et al. | Design and implementation of IoT gateway security system | |
CN114329522A (zh) | 一种私钥保护方法、装置、系统及存储介质 | |
WO2018172776A1 (en) | Secure transfer of data between internet of things devices | |
WO2018076299A1 (zh) | 数据传输方法及装置 | |
US20220050605A1 (en) | Remote enforcement of device memory | |
CN115361147A (zh) | 设备注册方法及装置、计算机设备、存储介质 | |
US20210160065A1 (en) | Cryptographic key configuration using physical unclonable function | |
US20240195641A1 (en) | Interim root-of-trust enrolment and device-bound public key registration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20221003 |
|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20221003 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20231018 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20231024 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20240122 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20240205 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20240229 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20240327 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 7463365 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |