WO2007117879A1 - Method and apparatus to mate an external code image with an on-chip private key - Google Patents

Method and apparatus to mate an external code image with an on-chip private key Download PDF

Info

Publication number
WO2007117879A1
WO2007117879A1 PCT/US2007/064321 US2007064321W WO2007117879A1 WO 2007117879 A1 WO2007117879 A1 WO 2007117879A1 US 2007064321 W US2007064321 W US 2007064321W WO 2007117879 A1 WO2007117879 A1 WO 2007117879A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
code
code image
encrypted
storage
Prior art date
Application number
PCT/US2007/064321
Other languages
French (fr)
Inventor
Peter Munguia
Dhiraj Bhatt
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation filed Critical Intel Corporation
Priority to EP07758833A priority Critical patent/EP2005642A4/en
Priority to JP2008553557A priority patent/JP2009525556A/en
Publication of WO2007117879A1 publication Critical patent/WO2007117879A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Definitions

  • Typical computing platforms use boot code to enable system start-up. Such code is a particularly attractive route for malevolent entities to gain access to such systems and thus requires protective mechanisms and/or schemes to prevent un-authorized access to the boot code or its image.
  • Current methods for protecting boot code rely on physical restrictions such as burying signal layers to or from boot devices (e.g., memory devices that store boot code or boot code images), applying material such as glue to boot devices to prevent physical access, minimizing trace lengths between devices, etc.
  • additional protection is provided in the form of a software chain of trust rooted in the boot code itself.
  • a software chain of trust originating in the boot code can be compromised if the boot code itself can be accessed or replaced with malevolent boot code.
  • FIG. 1 is a block diagram illustrating a system in accordance with some implementations of the invention.
  • Figure 2 is a block diagram illustrating a system similar to portions of the system of Fig. 1 in accordance with some implementations of the invention.
  • Figures 3-6 are flow charts illustrating processes in accordance with some implementations of the invention. DETAILED DESCRIPTION
  • FIG. 1 illustrates an example system 100 according to some implementations of the invention.
  • System 100 includes a media processor 102 coupled to a display controller 104, a cryptographic module 106, storage media 107 and a communications pathway 108.
  • System 100 also includes memory 110 (e.g., dynamic random access memory (DRAM), static random access memory (SRAM), non-volatile memory such as flash memory, etc.) coupled to pathway 108, a display 112 coupled to controller 104, and an input/output (I/O) controller 114 coupled to pathway 108.
  • DRAM dynamic random access memory
  • SRAM static random access memory
  • I/O controller 114 input/output
  • system 100 includes wireless transmitter circuitry and wireless receiver circuitry 116 coupled to I/O controller 114 and an antenna 118 (e.g., dipole antenna, narrowband Meander Line Antenna (MLA), wideband MLA, inverted "F” antenna, planar inverted “F” antenna, Goubau antenna, Patch antenna, etc.) coupled to circuitry 116.
  • antenna 118 e.g., dipole antenna, narrowband Meander Line Antenna (MLA), wideband MLA, inverted "F” antenna, planar inverted “F” antenna, Goubau antenna, Patch antenna, etc.
  • System 100 may be any system suitable for the cryptographic processing of cryptographic keys, data or software instructions such as boot code or boot code images in accordance with implementations of the invention as will be described in greater detail below.
  • system 100 may assume a variety of physical implementations.
  • system 100 may be implemented in a personal computer (PC), a networked PC, a server computing system, a handheld computing platform (e.g., a personal digital assistant (PDA)), a gaming system (portable or otherwise), a 3D capable cellular telephone handset, etc.
  • PC personal computer
  • PDA personal digital assistant
  • gaming system portable or otherwise
  • 3D capable cellular telephone handset etc.
  • all components of system 100 may be implemented within a single device, such as a system-on-a-chip (SOC) integrated circuit (IC), components of system 100 may also be distributed across multiple ICs or devices.
  • SOC system-on-a-chip
  • media processor 102, module 106, storage 107, pathway 108, memory 110, controller 114, circuitry 116 and antenna 118 may be implemented, in part, as multiple ICs contained within a single computing platform, such as a personal computer (PC) or a set top box (STB) to name a few examples, while display controller 104 may be implemented in a separate device such as display 112 coupled to media processor 102.
  • PC personal computer
  • STB set top box
  • Media processor 102 may comprise special purpose or general purpose processor core (s) including any control and/or processing logic, hardware, software and/or firmware, capable of processing audio and/or image and/or video data and of providing display controller 104 with image and/or video data.
  • Processor 102 may also utilize cryptographic module 106 to encrypt or decrypt cipher keys, data and/or software instructions such as boot code, and may provide encrypted or decrypted keys, data and/or software instructions such as boot code to memory 110 and/or storage 107 as will be explained in greater detail below.
  • processor 102 may also include control logic for controlling access to storage media 107 and/or memory 110.
  • Processor 102 may further be capable of performing any of a number of additional tasks that support mating an external code image with an on-chip private key. These tasks may include, for example, although the invention is not limited in this regard, obtaining external code images from devices external to system 100 by, for example, downloading such code images via antenna 118, transmitter and receiver circuitry 116 and I/O controller 114. Those skilled in the art will recognize that processor 102 may undertake other support tasks such as, initializing and/or configuring registers within module 106 or controller 104, interrupt servicing, etc.
  • processor 102 may include two or more processor cores. While Fig. 1 may be interpreted as showing media processors 102 and 104 as distinct devices, the invention is not limited in this regard and those of skill in the art will recognize that media processor 102 and display controller 104 and possibly additional components of system 100 may be implemented within a single IC.
  • Display controller 104 may comprise any processing logic, hardware, software, and/or firmware, capable of converting graphics or image data supplied by media processor 102 into a format suitable for driving display 112 (i.e., display-specific data).
  • processor 104 may provide graphics and/or image and/or video data to controller 104 in a specific color format, for example in a compressed red-green-blue (RGB) pixel format, and controller 104 may process that RGB data by generating, for example, corresponding liquid crystal display (LCD) drive data levels, etc.
  • LCD liquid crystal display
  • the invention is not limited to a particular type of display 112.
  • display 112 may be any type of display such as a LCD display, or an electroluminescent (EL) display, to name a few examples.
  • Bus or communications pathway(s) 108 may comprise any mechanism for conveying information (e.g., encrypted code images, keys, etc.) between or amongst any of the elements of system 100.
  • communications pathway(s) 108 may comprise a multipurpose bus capable of conveying, for example, code images and code keys to processor 102.
  • pathway(s) 108 may comprise a wireless communications pathway
  • FIG. 2 illustrates a system 200 similar to portions of system 100 and in accordance with some implementations of the invention.
  • System 200 includes a cryptographic module (CM) 202 including encryption logic (EL) 204 and decryption logic (DL) 206, a one-time-programmable (OTP) memory 208 storing at least one private key 209, key derivation logic (KDL) 210 coupled to both OTP memory 208 and CM 202, unsecured storage 212 coupled to CM 202, secured storage 214 coupled to CM 202, and processor core(s) 216 coupled to secured storage 214 and CM 202.
  • CM cryptographic module
  • EL encryption logic
  • DL decryption logic
  • OTP key derivation logic
  • KDL key derivation logic
  • System 200 may be any system suitable for the cryptographic processing of keys, data or software instructions such as boot code or boot code images in accordance with implementations of the invention as will be described in greater detail below.
  • system 200 may assume a variety of physical implementations. While all components of system 200 may be implemented within a single device, such as a system-on-a-chip (SOC) integrated circuit (IC), components of system 100 may also be distributed across multiple ICs or devices.
  • processor core(s) 216 may comprise any special purpose or a general purpose processor core(s) including any control and/or processing logic, hardware, software and/or firmware, capable of supporting mating an external code image with an on-chip private key in accordance with implementations of the invention as will be explained in greater detail below.
  • CM 202 may comprise any processing logic, hardware, software, and/or firmware, capable of enabling the mating of an external code image with a private key in accordance with implementations of the invention as will be explained in greater detail below.
  • CM 202 may receive one or more code images (e.g., CodeA, CodeB, etc) and associated encryption keys (e.g., K A , K B , etc) from devices external to system 200.
  • CM 202 may also receive private key 209 from OTP memory 208.
  • CM 202 may receive one or more keys from derivation logic 210 where those keys have been derived from private key 209.
  • CM 202 may then use EL 204 to encrypt each code image with an associated code key and store the resulting encrypted code image in unsecured storage 212.
  • CM 202 may also use EL 204 and encryption keys such as private key 209 or the derived keys provided by derivation logic 210 to encrypt each code key and may then store the encrypted code key in unsecured storage 212 along with the associated encrypted code image.
  • CM 202 may further use DL 206 to decrypt an encrypted code key retrieved from unsecured storage 212, use that decrypted code key to decrypt an associated encrypted code image, and store the resulting decrypted or clear code key and clear code image in secured storage 214.
  • CM 202 may undertake these encryption and decryption tasks in response to commands issued by processor core(s) 216.
  • the functionality of CM 202 may be similar to that of CM 106 of Fig.1.
  • the invention is not limited to a particular type of code key and/or to a particular type of cryptographic process implemented by EL 204 and DL 206.
  • the code keys associated with the code images and provided to system 200 may be dependent on the type of encryption process used by EL 204 to encrypt the code images with the code keys.
  • the code keys may be consistent with well known Public Key Infrastructure (PKI) techniques, such as the Rivest, Shamir, and Adelman (RSA) digital signature algorithm (DSA).
  • PKI Public Key Infrastructure
  • RSA Rivest, Shamir, and Adelman
  • DSA digital signature algorithm
  • the code keys may be keys consistent with other cryptographic schemes such as symmetric keys or random unique keys, to name a few more examples.
  • Unsecured storage 212 may be, for example, any storage means that is user- accessible. In other words, the contents of storage 212 may be accessed by a user of system 200 in a conventional manner.
  • storage 212 may be a fixed nonvolatile memory device (e.g., flash memory, hard disk drive, etc.), or a removable nonvolatile memory device (e.g., a memory card containing flash memory, etc.) to name several examples.
  • storage 212 may be off-chip memory that is formed in a semiconductor substrate other than the semiconductor substrate incorporating CM 202 and/or processor core(s) 216.
  • secured storage 214 may be any storage means that is user- inaccessible.
  • storage 214 may not be accessed by a user of system 200 in a conventional manner.
  • storage 214 may be on-chip or cache memory that is formed in the same semiconductor substrate as CM 202 and/or processor core(s) 216.
  • storage 214 may comprise system memory, such as double-data-rate (DDR) random-access-memory (RAM), formed on a separate semiconductor substrate and coupled to processor core(s) 216 by a high speed system bus.
  • DDR double-data-rate
  • RAM random-access-memory
  • FIG. 2 shows private key 209 held in OTP 208, the invention is not limited in this regard, and those skilled in the art will recognize that private key 209 could be held securely in other means such as polysilicon fuses, read-only memory (ROM) or logic gates, etc.
  • FIG. 3 is a flow chart illustrating a process 300 for mating an external code image with an on-chip private key in accordance with some implementations of the invention. While, for ease of explanation, process 300 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible. While process 300 and related processes are discussed below using the example of a code image, the invention is not limited in this regard and contemplates the term code image to encompass any information confidential or otherwise, whether executable code or non-executable data. Thus the term code image encompasses a code image, a boot code image, one or more keys, or data in general, confidential or otherwise, to name several examples.
  • Process 300 may begin with the provision of a code image [act 302].
  • act 302 may be undertaken by wireless receiver 116 receiving via antenna 118 a boot code image (e.g., CodeA), and I/O controller 114 conveying that boot code image to EL 204 of CM 202 located within media processor 102.
  • Act 302 is not, however, limited to boot code images or to obtaining code images wirelessly and, thus, act 302 may comprise providing the code image through other devices (not shown) coupled to system 100 by, for example, by I/O controller 114.
  • Process 300 may continue with the provision of a code key [act 304].
  • Act 304 may be undertaken along the same lines as discussed directly above with regard to act 302.
  • Process 300 may continue with the encryption of the code image [act 306].
  • EL 204 may use the code key provided in act 304 (e.g., K A ) to encrypt the code image.
  • K A code key provided in act 304
  • EL 204 may employ well known cryptographic techniques, such as the Advanced Encryption Standard (AES) algorithm to undertake act 306.
  • AES Advanced Encryption Standard
  • Process 300 may then continue with the placement of the encrypted code image in unsecured storage [act 308].
  • Process 300 may continue with the provision of an encryption key [act 310].
  • act 308 may be undertaken by having CM 202 obtain the private key 209 from OTP 208 and employ that key as an encryption key.
  • KDL 210 and EL 204 may undertake act 310 by obtaining private key 209 from OTP 208 and using private key 209 as a root key to derive the encryption key.
  • Figure 4 is a flow chart illustrating a process 400 for providing an encryption key in accordance with some implementations of act 310 of process 300. While, for ease of explanation, process 400 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible.
  • Process 400 may begin with the provision of a master key [act 402].
  • KDL 210 may undertake act 402 by deriving a master key using well known PKI techniques and providing that master key to CM 202.
  • KDL 210 may undertake act 402 by deriving a master key using well known PKI techniques and providing that master key to CM 202.
  • the invention is not limited to hardware implementations of key derivation, such as KDL 210, and also contemplates deriving keys using, for example, an external software application to derive keys such as the master key of act 402 or similar acts.
  • Process 400 may then continue with the provision of a private key [act 404].
  • act 404 may be undertaken by having CM 202 obtain the private key 209 from OTP 208.
  • Process 400 may continue with the encryption of the master key [act 406] and the storage of the resulting encrypted master key [act 407].
  • act 406 may be undertaken by EL 204 using well known encryption techniques and the private key provided in act 404
  • act 407 may be undertaken by CM 202 providing the encrypted master key to unsecured storage 212.
  • Process 400 may then continue with the provision of a platform key [act 408] and the encryption of the platform key [act 410] using the master key.
  • Acts 408 and 410 may be undertaken in the same manner as acts 404 and 406 respectively as described above.
  • the product of act 410, the encrypted platform key may be stored [act 412] in, for example, unsecured storage 212.
  • the platform key provided in act 408 may be used as the encryption key provided in act 310 of process 300.
  • process 400 depicts the use of two keys, a master key and a platform key, the invention is not limited to particular types of keys employed in process 400 nor is the invention limited to the use of two keys in process 400. Thus, for example, additional keys may be employed in processes similar to process 400.
  • process 300 may then continue with the encryption of the code key [act 312] using the encryption key provided in act 310.
  • act 312 may be undertaken by EL 204 using well known encryption techniques to encrypt the code key with the encryption key provided in act 310.
  • Process 300 may then conclude with the placement of the encrypted code key (e.g., QK A ) in unsecured storage [act 314].
  • the encrypted code key e.g., QK A
  • One way to undertake act 314 is to have CM 202 place the encrypted code key in storage 212 in association with the corresponding code image that was encrypted with the code key in act 306.
  • process 300 may be undertaken two or more times to result in two or more encrypted code images (e.g., eCodeA(KA), eCodeB(K B ), etc.) and associated encrypted code keys (e.g., eKA, eK B , etc.) being placed in unsecured storage (e.g., storage 212).
  • the encryption of each code key may be undertaken using a different platform key unique to each code key.
  • Figure 5 is a flow chart illustrating a process 500 for mating an external code image with an on-chip private key in accordance with some implementations of the invention. While, for ease of explanation, process 500 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible.
  • Process 500 may begin with the provision of an encrypted code key [act 502].
  • act 502 may be undertaken by having CM 202, in response to one or more commands from processor core(s) 216, obtaining an encrypted code key (e.g., QK A ) from unsecured storage 212 where, for example, CM 202 had placed that encrypted code key in storage 212 in act 314.
  • Process 500 may then continue with the provision of a decryption key [act 504].
  • act 504 may be undertaken by having CM 202 obtain the private key 209 from OTP 208 and employ private key 209 as a decryption key.
  • FIG. 6 is a flow chart illustrating a process 600 for providing a decryption key in accordance with some implementations of act 504 of process 500. While, for ease of explanation, process 600 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible.
  • Process 600 may begin with the provision of an encrypted master key [act 602] .
  • CM 202 may undertake act 602 by obtaining an encrypted master key from unsecured storage 212.
  • Process 600 may then continue with the provision of a private key [act 604].
  • act 604 may be undertaken by having CM 202 obtain the private key 209 from OTP 208.
  • Process 600 may continue with the decryption of the encrypted master key [act 606].
  • act 606 may be undertaken by DL 206 using well known decryption techniques and the private key provided in act 604.
  • Process 600 may then continue with the provision of an encrypted platform key [act 608] and the decryption of the encrypted platform key [act 610] using the decrypted master key resulting from act 606.
  • Acts 608 and 610 may be undertaken in the same manner as acts 604 and 606 respectively as described above.
  • the product of act 610, the decrypted platform key may then be used as the decryption key provided in act 504 of process 500. [0035] Returning to Fig.
  • process 500 may then continue with the decryption of the encrypted code key [act 506] using the decryption key provided in act 504.
  • act 506 may be undertaken by DL 206 using well known decryption techniques to decrypt the encrypted code key with the decryption key provided in act 504.
  • Process 500 may then continue with the placement of the decrypted code key in secured storage [act 510].
  • One way to undertake act 510 is to have CM 202 place the decrypted or clear code key (e.g., K A ) in storage 214.
  • Process 500 may then continue with the provision of an encrypted code image [act 508].
  • act 508 may be undertaken by CM 202 obtaining an encrypted code image (e.g., eCodeA(K A )) from unsecured storage 212 where that encrypted code image is associated with the encrypted code key (e.g., eK ⁇ ) obtained in act 502.
  • the encrypted code image may then be decrypted [act 512] using the associated decrypted code key resulting from act 506.
  • act 512 may be undertaken by DL 206 using well known decryption techniques to decrypt the encrypted code image (e.g., eCodeA(KA)) using the associated decrypted code key (e.g., K A ).
  • Process 500 may then conclude with the placement of the decrypted code image in secured storage [act 514].
  • One way to undertake act 514 is to have CM 202 place the decrypted or clear code image (e.g., CodeA) in storage 214.
  • process 500 may be undertaken two or more times to result in two or more decrypted or clear code images (e.g., CodeA, CodeB, etc.) and associated decrypted code keys (e.g., K A , K B , etc.) being placed in secured storage (e.g., storage 214).
  • decrypted or clear code images e.g., CodeA, CodeB, etc.
  • decrypted code keys e.g., K A , K B , etc.
  • Systems 100/200 and/or processes 300-600 may, in accordance with some implementations of the invention, support hardware encrypt and decrypt functions that are destination specific (i.e., where the destination is unsecured storage versus secured storage) where those encrypt and decrypt hardware functions allow the mating of the contents of an external device (e.g., an external device providing a code image) to the IC chip containing a private key.
  • an external device e.g., an external device providing a code image
  • those encrypt and decrypt hardware functions allow the mating of multiple boot code images in a secure boot application or in storing other private keys off chip.
  • a host application having access to the chip with the private key may issue a command to the hardware function to encrypt a known code key, where the code key has been used to protect (i.e., encrypt or sign) a code image, and place the encrypted code key in unsecured storage with the encrypted code image.
  • the host application may then issue a second command to the hardware function to decrypt the encrypted code key and use the recovered code key to access (i.e., decrypt) the code image.
  • only a device or system with the private key used to create the encrypted code key can recover the code key and access the code image.
  • code image is protected by an externally provided code key
  • any number of independently protected code images may be created using distinct, independent code keys.
  • application code from different external sources may likewise be mated to the device or system holding the private key.
  • the private key is a shared secret
  • the owner of the shared secret can create the encrypted code key using an equivalent encrypt function without requiring the actual device or system (e.g., systems 100 or 200).
  • code image updates can be applied in the field and initial boot code programming can be done at manufacturing time without having to reveal the private key to the device or system customer and without having to run a special application on the device or system prior to programming the image.
  • Figs. 3-6 need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. For example, acts in processes 300, 400, 500 and/or 600 may be undertaken in parallel when processing multiple code images each having unique master and/or platform keys. In addition some acts may be undertaken before other acts. For example, the act 310 of process 300 may be undertaken prior to acts 302-308. Further, at least some of the acts in this figure may be implemented as instructions, or groups of instructions, implemented in a machine-readable medium.
  • the code images processed in processes 300 and 500 can be any arbitrary "secret" data such as a set of encryption keys or other data such as algorithm parameters.
  • many other implementations may be employed to enable mating an external code image with an on-chip private key consistent with the claimed invention.

Abstract

Apparatus, systems and methods for mating an external code image with an on- chip private key are disclosed including a method of receiving a code image and a code key and encrypting the code image and the code key if the code image and the code key are to be placed in unsecured storage. Other implementations are disclosed.

Description

METHOD AND APPARATUS TO MATE AN EXTERNAL CODE IMAGE WITH
AN ON-CHIP PRIVATE KEY
BACKGROUND [0001] Typical computing platforms use boot code to enable system start-up. Such code is a particularly attractive route for malevolent entities to gain access to such systems and thus requires protective mechanisms and/or schemes to prevent un-authorized access to the boot code or its image. Current methods for protecting boot code rely on physical restrictions such as burying signal layers to or from boot devices (e.g., memory devices that store boot code or boot code images), applying material such as glue to boot devices to prevent physical access, minimizing trace lengths between devices, etc. Typically, additional protection is provided in the form of a software chain of trust rooted in the boot code itself. However, a software chain of trust originating in the boot code can be compromised if the boot code itself can be accessed or replaced with malevolent boot code.
BRIEF DESCRIPTION OF THE DRAWINGS
[0002] The accompanying drawings, incorporated in and constituting a part of this specification, illustrate one or more implementations consistent with the principles of the invention and, together with the description of the invention, explain such implementations. The drawings, which should not be taken to limit the invention to the specific implementations shown therein, are also not necessarily to scale nor should they be considered exhaustive, the emphasis instead being placed upon illustrating the principles of the invention. In the drawings, [0003] Figure 1 is a block diagram illustrating a system in accordance with some implementations of the invention;
[0004] Figure 2 is a block diagram illustrating a system similar to portions of the system of Fig. 1 in accordance with some implementations of the invention; and [0005] Figures 3-6 are flow charts illustrating processes in accordance with some implementations of the invention. DETAILED DESCRIPTION
[0006] The following description refers to the accompanying drawings. Among the various drawings the same reference numbers may be used to identify the same or similar elements. While the following description provides a thorough understanding of the various aspects of the claimed invention by setting forth specific details such as particular structures, architectures, interfaces, techniques, etc., such details are provided for purposes of explanation and should not be viewed as limiting. Moreover, those of skill in the art will, in light of the present disclosure, appreciate that various aspects of the invention claimed may be practiced in other examples or implementations that depart from these specific details. At certain junctures in the following disclosure descriptions of well known devices, circuits, and methods have been omitted to avoid clouding the description of the present invention with unnecessary detail. [0007] Figure 1 illustrates an example system 100 according to some implementations of the invention. System 100 includes a media processor 102 coupled to a display controller 104, a cryptographic module 106, storage media 107 and a communications pathway 108. System 100 also includes memory 110 (e.g., dynamic random access memory (DRAM), static random access memory (SRAM), non-volatile memory such as flash memory, etc.) coupled to pathway 108, a display 112 coupled to controller 104, and an input/output (I/O) controller 114 coupled to pathway 108. In addition, system 100 includes wireless transmitter circuitry and wireless receiver circuitry 116 coupled to I/O controller 114 and an antenna 118 (e.g., dipole antenna, narrowband Meander Line Antenna (MLA), wideband MLA, inverted "F" antenna, planar inverted "F" antenna, Goubau antenna, Patch antenna, etc.) coupled to circuitry 116. [0008] System 100 may be any system suitable for the cryptographic processing of cryptographic keys, data or software instructions such as boot code or boot code images in accordance with implementations of the invention as will be described in greater detail below. Moreover, system 100 may assume a variety of physical implementations. For example, system 100 may be implemented in a personal computer (PC), a networked PC, a server computing system, a handheld computing platform (e.g., a personal digital assistant (PDA)), a gaming system (portable or otherwise), a 3D capable cellular telephone handset, etc. In addition, while all components of system 100 may be implemented within a single device, such as a system-on-a-chip (SOC) integrated circuit (IC), components of system 100 may also be distributed across multiple ICs or devices. For example, media processor 102, module 106, storage 107, pathway 108, memory 110, controller 114, circuitry 116 and antenna 118 may be implemented, in part, as multiple ICs contained within a single computing platform, such as a personal computer (PC) or a set top box (STB) to name a few examples, while display controller 104 may be implemented in a separate device such as display 112 coupled to media processor 102. Clearly, many such permutations are possible consistent with the functionality of system 100 as described herein. [0009] Media processor 102 may comprise special purpose or general purpose processor core (s) including any control and/or processing logic, hardware, software and/or firmware, capable of processing audio and/or image and/or video data and of providing display controller 104 with image and/or video data. Processor 102 may also utilize cryptographic module 106 to encrypt or decrypt cipher keys, data and/or software instructions such as boot code, and may provide encrypted or decrypted keys, data and/or software instructions such as boot code to memory 110 and/or storage 107 as will be explained in greater detail below. Those skilled in the art will recognize that processor 102 may also include control logic for controlling access to storage media 107 and/or memory 110. Moreover, while Fig. 1 shows cryptographic module 106 as a distinct device the invention is not limited in this regard and, for example, cryptographic module 106 may be implemented in media processor 102. [0010] Processor 102 may further be capable of performing any of a number of additional tasks that support mating an external code image with an on-chip private key. These tasks may include, for example, although the invention is not limited in this regard, obtaining external code images from devices external to system 100 by, for example, downloading such code images via antenna 118, transmitter and receiver circuitry 116 and I/O controller 114. Those skilled in the art will recognize that processor 102 may undertake other support tasks such as, initializing and/or configuring registers within module 106 or controller 104, interrupt servicing, etc. In addition, although the invention is not limited in this regard, processor 102 may include two or more processor cores. While Fig. 1 may be interpreted as showing media processors 102 and 104 as distinct devices, the invention is not limited in this regard and those of skill in the art will recognize that media processor 102 and display controller 104 and possibly additional components of system 100 may be implemented within a single IC. [0011] Display controller 104 may comprise any processing logic, hardware, software, and/or firmware, capable of converting graphics or image data supplied by media processor 102 into a format suitable for driving display 112 (i.e., display-specific data). For example, while the invention is not limited in this regard, processor 104 may provide graphics and/or image and/or video data to controller 104 in a specific color format, for example in a compressed red-green-blue (RGB) pixel format, and controller 104 may process that RGB data by generating, for example, corresponding liquid crystal display (LCD) drive data levels, etc. In addition, the invention is not limited to a particular type of display 112. Thus display 112 may be any type of display such as a LCD display, or an electroluminescent (EL) display, to name a few examples. [0012] Bus or communications pathway(s) 108 may comprise any mechanism for conveying information (e.g., encrypted code images, keys, etc.) between or amongst any of the elements of system 100. For example, although the invention is not limited in this regard, communications pathway(s) 108 may comprise a multipurpose bus capable of conveying, for example, code images and code keys to processor 102. Alternatively, pathway(s) 108 may comprise a wireless communications pathway
[0013] Figure 2 illustrates a system 200 similar to portions of system 100 and in accordance with some implementations of the invention. System 200 includes a cryptographic module (CM) 202 including encryption logic (EL) 204 and decryption logic (DL) 206, a one-time-programmable (OTP) memory 208 storing at least one private key 209, key derivation logic (KDL) 210 coupled to both OTP memory 208 and CM 202, unsecured storage 212 coupled to CM 202, secured storage 214 coupled to CM 202, and processor core(s) 216 coupled to secured storage 214 and CM 202. System 200 may be any system suitable for the cryptographic processing of keys, data or software instructions such as boot code or boot code images in accordance with implementations of the invention as will be described in greater detail below.
[0014] Like system 100, system 200 may assume a variety of physical implementations. While all components of system 200 may be implemented within a single device, such as a system-on-a-chip (SOC) integrated circuit (IC), components of system 100 may also be distributed across multiple ICs or devices. Moreover, processor core(s) 216 may comprise any special purpose or a general purpose processor core(s) including any control and/or processing logic, hardware, software and/or firmware, capable of supporting mating an external code image with an on-chip private key in accordance with implementations of the invention as will be explained in greater detail below. [0015] CM 202 may comprise any processing logic, hardware, software, and/or firmware, capable of enabling the mating of an external code image with a private key in accordance with implementations of the invention as will be explained in greater detail below. CM 202 may receive one or more code images (e.g., CodeA, CodeB, etc) and associated encryption keys (e.g., KA, KB, etc) from devices external to system 200. CM 202 may also receive private key 209 from OTP memory 208. In addition, CM 202 may receive one or more keys from derivation logic 210 where those keys have been derived from private key 209. [0016] CM 202 may then use EL 204 to encrypt each code image with an associated code key and store the resulting encrypted code image in unsecured storage 212. CM 202 may also use EL 204 and encryption keys such as private key 209 or the derived keys provided by derivation logic 210 to encrypt each code key and may then store the encrypted code key in unsecured storage 212 along with the associated encrypted code image. CM 202 may further use DL 206 to decrypt an encrypted code key retrieved from unsecured storage 212, use that decrypted code key to decrypt an associated encrypted code image, and store the resulting decrypted or clear code key and clear code image in secured storage 214. CM 202 may undertake these encryption and decryption tasks in response to commands issued by processor core(s) 216. The functionality of CM 202 may be similar to that of CM 106 of Fig.1.
[0017] The invention is not limited to a particular type of code key and/or to a particular type of cryptographic process implemented by EL 204 and DL 206. Thus, for example, those skilled in the art will recognize that the code keys associated with the code images and provided to system 200 may be dependent on the type of encryption process used by EL 204 to encrypt the code images with the code keys. Hence, for example, the code keys may be consistent with well known Public Key Infrastructure (PKI) techniques, such as the Rivest, Shamir, and Adelman (RSA) digital signature algorithm (DSA). Alternatively, the code keys may be keys consistent with other cryptographic schemes such as symmetric keys or random unique keys, to name a few more examples. [0018] Unsecured storage 212 may be, for example, any storage means that is user- accessible. In other words, the contents of storage 212 may be accessed by a user of system 200 in a conventional manner. For example, storage 212 may be a fixed nonvolatile memory device (e.g., flash memory, hard disk drive, etc.), or a removable nonvolatile memory device (e.g., a memory card containing flash memory, etc.) to name several examples. Thus, for example, storage 212 may be off-chip memory that is formed in a semiconductor substrate other than the semiconductor substrate incorporating CM 202 and/or processor core(s) 216. [0019] By contrast, secured storage 214 may be any storage means that is user- inaccessible. In other words, the contents of storage 214 may not be accessed by a user of system 200 in a conventional manner. For example, storage 214 may be on-chip or cache memory that is formed in the same semiconductor substrate as CM 202 and/or processor core(s) 216. Alternatively, for another example, storage 214 may comprise system memory, such as double-data-rate (DDR) random-access-memory (RAM), formed on a separate semiconductor substrate and coupled to processor core(s) 216 by a high speed system bus. Moreover, while Fig. 2 shows private key 209 held in OTP 208, the invention is not limited in this regard, and those skilled in the art will recognize that private key 209 could be held securely in other means such as polysilicon fuses, read-only memory (ROM) or logic gates, etc.
[0020] Figure 3 is a flow chart illustrating a process 300 for mating an external code image with an on-chip private key in accordance with some implementations of the invention. While, for ease of explanation, process 300 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible. While process 300 and related processes are discussed below using the example of a code image, the invention is not limited in this regard and contemplates the term code image to encompass any information confidential or otherwise, whether executable code or non-executable data. Thus the term code image encompasses a code image, a boot code image, one or more keys, or data in general, confidential or otherwise, to name several examples.
[0021] Process 300 may begin with the provision of a code image [act 302]. In some implementations of the invention, act 302 may be undertaken by wireless receiver 116 receiving via antenna 118 a boot code image (e.g., CodeA), and I/O controller 114 conveying that boot code image to EL 204 of CM 202 located within media processor 102. Act 302 is not, however, limited to boot code images or to obtaining code images wirelessly and, thus, act 302 may comprise providing the code image through other devices (not shown) coupled to system 100 by, for example, by I/O controller 114. Process 300 may continue with the provision of a code key [act 304]. Act 304 may be undertaken along the same lines as discussed directly above with regard to act 302.
[0022] Process 300 may continue with the encryption of the code image [act 306]. In some implementations of the invention, EL 204 may use the code key provided in act 304 (e.g., KA) to encrypt the code image. For example, EL 204 may employ well known cryptographic techniques, such as the Advanced Encryption Standard (AES) algorithm to undertake act 306. However, as noted above, the invention is not limited to any particular encryption technique employed by EL 204 in undertaking act 306 or any encryption and/or decryption acts described herein. Process 300 may then continue with the placement of the encrypted code image in unsecured storage [act 308]. One way to undertake act 308 is to have CM 202 place the encrypted code image (e.g., eCodeA(KA)) in storage 212. [0023] Process 300 may continue with the provision of an encryption key [act 310]. In some implementations of the invention, act 308 may be undertaken by having CM 202 obtain the private key 209 from OTP 208 and employ that key as an encryption key. Alternatively, KDL 210 and EL 204 may undertake act 310 by obtaining private key 209 from OTP 208 and using private key 209 as a root key to derive the encryption key. [0024] Figure 4 is a flow chart illustrating a process 400 for providing an encryption key in accordance with some implementations of act 310 of process 300. While, for ease of explanation, process 400 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible.
[0025] Process 400 may begin with the provision of a master key [act 402]. In some implementations of the invention, KDL 210 may undertake act 402 by deriving a master key using well known PKI techniques and providing that master key to CM 202. Those skilled in the art will recognize that the invention is not limited to hardware implementations of key derivation, such as KDL 210, and also contemplates deriving keys using, for example, an external software application to derive keys such as the master key of act 402 or similar acts. Process 400 may then continue with the provision of a private key [act 404]. In some implementations of the invention, act 404 may be undertaken by having CM 202 obtain the private key 209 from OTP 208.
[0026] Process 400 may continue with the encryption of the master key [act 406] and the storage of the resulting encrypted master key [act 407]. In some implementations of the invention, act 406 may be undertaken by EL 204 using well known encryption techniques and the private key provided in act 404, while act 407 may be undertaken by CM 202 providing the encrypted master key to unsecured storage 212. Process 400 may then continue with the provision of a platform key [act 408] and the encryption of the platform key [act 410] using the master key. Acts 408 and 410 may be undertaken in the same manner as acts 404 and 406 respectively as described above. The product of act 410, the encrypted platform key, may be stored [act 412] in, for example, unsecured storage 212. The platform key provided in act 408 may be used as the encryption key provided in act 310 of process 300. [0027] While process 400 depicts the use of two keys, a master key and a platform key, the invention is not limited to particular types of keys employed in process 400 nor is the invention limited to the use of two keys in process 400. Thus, for example, additional keys may be employed in processes similar to process 400. [0028] Returning to Fig. 3, process 300 may then continue with the encryption of the code key [act 312] using the encryption key provided in act 310. Once again, in some implementations of the invention, act 312 may be undertaken by EL 204 using well known encryption techniques to encrypt the code key with the encryption key provided in act 310. Process 300 may then conclude with the placement of the encrypted code key (e.g., QKA) in unsecured storage [act 314]. One way to undertake act 314 is to have CM 202 place the encrypted code key in storage 212 in association with the corresponding code image that was encrypted with the code key in act 306.
[0029] In accordance with some implementations of the invention, process 300 may be undertaken two or more times to result in two or more encrypted code images (e.g., eCodeA(KA), eCodeB(KB), etc.) and associated encrypted code keys (e.g., eKA, eKB, etc.) being placed in unsecured storage (e.g., storage 212). In addition, the encryption of each code key may be undertaken using a different platform key unique to each code key. [0030] Figure 5 is a flow chart illustrating a process 500 for mating an external code image with an on-chip private key in accordance with some implementations of the invention. While, for ease of explanation, process 500 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible.
[0031] Process 500 may begin with the provision of an encrypted code key [act 502]. In some implementations of the invention, act 502 may be undertaken by having CM 202, in response to one or more commands from processor core(s) 216, obtaining an encrypted code key (e.g., QKA) from unsecured storage 212 where, for example, CM 202 had placed that encrypted code key in storage 212 in act 314. Process 500 may then continue with the provision of a decryption key [act 504]. In some implementations of the invention, act 504 may be undertaken by having CM 202 obtain the private key 209 from OTP 208 and employ private key 209 as a decryption key. Alternatively, KDL 210 and EL 204 may undertake act 504 by obtaining private key 209 from OTP 208 and using private key 209 as a root key to derive the decryption key. [0032] Figure 6 is a flow chart illustrating a process 600 for providing a decryption key in accordance with some implementations of act 504 of process 500. While, for ease of explanation, process 600 may be described with regard to system 100 of Fig. 1 and/or system 200 of Fig. 2 the invention is not limited in this regard and other processes or schemes supported by appropriate devices in accordance with the claimed invention are possible.
[0033] Process 600 may begin with the provision of an encrypted master key [act 602] . In some implementations of the invention, CM 202 may undertake act 602 by obtaining an encrypted master key from unsecured storage 212. Process 600 may then continue with the provision of a private key [act 604]. In some implementations of the invention, act 604 may be undertaken by having CM 202 obtain the private key 209 from OTP 208.
[0034] Process 600 may continue with the decryption of the encrypted master key [act 606]. In some implementations of the invention, act 606 may be undertaken by DL 206 using well known decryption techniques and the private key provided in act 604. Process 600 may then continue with the provision of an encrypted platform key [act 608] and the decryption of the encrypted platform key [act 610] using the decrypted master key resulting from act 606. Acts 608 and 610 may be undertaken in the same manner as acts 604 and 606 respectively as described above. The product of act 610, the decrypted platform key, may then be used as the decryption key provided in act 504 of process 500. [0035] Returning to Fig. 5, process 500 may then continue with the decryption of the encrypted code key [act 506] using the decryption key provided in act 504. In accordance with some implementations of the invention, act 506 may be undertaken by DL 206 using well known decryption techniques to decrypt the encrypted code key with the decryption key provided in act 504. Process 500 may then continue with the placement of the decrypted code key in secured storage [act 510]. One way to undertake act 510 is to have CM 202 place the decrypted or clear code key (e.g., KA) in storage 214.
[0036] Process 500 may then continue with the provision of an encrypted code image [act 508]. In some implementations of the invention, act 508 may be undertaken by CM 202 obtaining an encrypted code image (e.g., eCodeA(KA)) from unsecured storage 212 where that encrypted code image is associated with the encrypted code key (e.g., eKλ) obtained in act 502. The encrypted code image may then be decrypted [act 512] using the associated decrypted code key resulting from act 506. In some implementations of the invention, act 512 may be undertaken by DL 206 using well known decryption techniques to decrypt the encrypted code image (e.g., eCodeA(KA)) using the associated decrypted code key (e.g., KA). Process 500 may then conclude with the placement of the decrypted code image in secured storage [act 514]. One way to undertake act 514 is to have CM 202 place the decrypted or clear code image (e.g., CodeA) in storage 214. [0037] In accordance with some implementations of the invention, process 500 may be undertaken two or more times to result in two or more decrypted or clear code images (e.g., CodeA, CodeB, etc.) and associated decrypted code keys (e.g., KA, KB, etc.) being placed in secured storage (e.g., storage 214).
[0038] Systems 100/200 and/or processes 300-600 may, in accordance with some implementations of the invention, support hardware encrypt and decrypt functions that are destination specific (i.e., where the destination is unsecured storage versus secured storage) where those encrypt and decrypt hardware functions allow the mating of the contents of an external device (e.g., an external device providing a code image) to the IC chip containing a private key. In particular, where those encrypt and decrypt hardware functions allow the mating of multiple boot code images in a secure boot application or in storing other private keys off chip. Thus, in accordance with some implementations of the invention, a host application having access to the chip with the private key may issue a command to the hardware function to encrypt a known code key, where the code key has been used to protect (i.e., encrypt or sign) a code image, and place the encrypted code key in unsecured storage with the encrypted code image. The host application may then issue a second command to the hardware function to decrypt the encrypted code key and use the recovered code key to access (i.e., decrypt) the code image. In this manner, only a device or system with the private key used to create the encrypted code key can recover the code key and access the code image. [0039] In addition, in accordance with some implementations of the invention, because the code image is protected by an externally provided code key, any number of independently protected code images may be created using distinct, independent code keys. In this way, application code from different external sources may likewise be mated to the device or system holding the private key. Further, when the private key is a shared secret the owner of the shared secret can create the encrypted code key using an equivalent encrypt function without requiring the actual device or system (e.g., systems 100 or 200). Thus, in accordance with some implementations of the invention, code image updates can be applied in the field and initial boot code programming can be done at manufacturing time without having to reveal the private key to the device or system customer and without having to run a special application on the device or system prior to programming the image.
[0040] The acts shown in Figs. 3-6 need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. For example, acts in processes 300, 400, 500 and/or 600 may be undertaken in parallel when processing multiple code images each having unique master and/or platform keys. In addition some acts may be undertaken before other acts. For example, the act 310 of process 300 may be undertaken prior to acts 302-308. Further, at least some of the acts in this figure may be implemented as instructions, or groups of instructions, implemented in a machine-readable medium. [0041] While the foregoing description of one or more instantiations consistent with the claimed invention provides illustration and description of the invention it is not intended to be exhaustive or to limit the scope of the invention to the particular implementations disclosed. Clearly, modifications and variations are possible in light of the above teachings or may be acquired from practice of various implementations of the invention. For example, the code images processed in processes 300 and 500 can be any arbitrary "secret" data such as a set of encryption keys or other data such as algorithm parameters. Clearly, many other implementations may be employed to enable mating an external code image with an on-chip private key consistent with the claimed invention. [0042] No device, element, act, data type, instruction etc. set forth in the description of the present invention should be construed as critical or essential to the invention unless explicitly described as such. Also, as used herein, the article "a" is intended to include one or more items. Moreover, when terms or phrases such as "coupled" or "responsive" or "in communication with" are used herein or in the claims that follow, these terms are meant to be interpreted broadly. For example, the phrase "coupled to" may refer to being communicatively, electrically and/or operatively coupled as appropriate for the context in which the phrase is used. Variations and modifications may be made to the above- described implementation(s) of the claimed invention without departing substantially from the spirit and principles of the invention. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.

Claims

WHAT IS CLAIMED:
1. A method comprising: receiving a code image and a code key; and encrypting the code image and the code key before placing the code image and the code in unsecured storage.
2. The method of claim 1 , wherein unsecured storage comprises storage that is user- accessible.
3. The method of claim 1 , wherein encrypting the code image and the code key if the code image and the code key are to be placed in unsecured storage comprises: encrypting the code image with the code key; and encrypting the code key with a first key.
4. The method of claim 3, wherein encrypting the code key with a first key comprises: encrypting a second key with a private key; encrypting the first key with the second key; and encrypting the code key with the first key.
5. The method of claim 1 , further comprising: decrypting the encrypted code image and the encrypted code key before placing the code image and the code key in secured storage.
6. The method of claim 5, wherein secured storage comprises storage that is user- inaccessible.
7. The method of claim 5, wherein decrypting the code image and the code key if the code image and the code key are to be placed in secured storage comprises: decrypting the code key with a first key; and decrypting the code image with the code key.
8. The method of claim 7, wherein decrypting the code key using a first key comprises: decrypting a second key with a private key; decrypting the first key with the second key; and decrypting the code key with a first key.
9. The method of claim 1, wherein the code image comprises one of a code image, a boot code image, a key, or data.
10. The method of claim 1 , further comprising: receiving another code image and another code key; and encrypting the another code image and the another code key if the another code image and the another code key are to be placed in unsecured storage.
11. An apparatus comprising: user-accessible storage; user-inaccessible storage; encryption logic to encrypt a first code image and a first code key to provide an encrypted first code image and an encrypted first code key if the first code image and the first code key are to be placed in the user-accessible storage; and decryption logic to decrypt the encrypted first code image and the encrypted first code key if the first code image and the first code key are to be placed in the user- inaccessible storage.
12. The apparatus of claim 11 , further comprising: memory to hold a private key, wherein the encryption logic is at least capable of encrypting the first code key with the private key.
13. The apparatus of claim 11 , further comprising: memory to hold a private key; and key derivation logic at least capable of deriving an encryption key from the private key, wherein the encryption logic is at least capable of encrypting the first code key with the encryption key.
14. The apparatus of claim 11, wherein the user-inaccessible storage comprises one of memory formed in the same semiconductor substrate as the encryption logic, or memory coupled to the encryption logic by a system bus.
15. The apparatus of claim 11, wherein the encryption logic at least further capable of encrypting a second code image and a second code key to provide an encrypted second code image and an encrypted second code key if the second code image and the second code key are to be placed in the user-accessible storage, and wherein the decryption logic at least further capable of decrypting the encrypted second code image and the encrypted second code key if the second code image and the second code key are to be placed in the user-inaccessible storage.
16. The apparatus of claim 11, wherein the user-accessible storage comprises one of a fixed non- volatile memory device, or a removable non- volatile memory device.
17. The apparatus of claim 11, wherein the code image comprises one of a code image, a boot code image, a key, or data.
18. A system comprising: user-accessible storage; user-inaccessible storage; encryption logic at least capable of encrypting a first code image and a first code key to provide an encrypted first code image and an encrypted first code key if the first code image and the first code key are to be placed in the user-accessible storage; decryption logic at least capable of decrypting the encrypted first code image and the encrypted first code key if the first code image and the first code key are to be placed in the user-inaccessible storage; and wireless receiver circuitry coupled to the encryption logic, the receiver circuitry at least capable of receiving the first code image and the first code key.
19. The system of claim 18, further comprising: memory to hold a private key, wherein the encryption logic is at least capable of encrypting the first code key with the private key.
20. The system of claim 18, further comprising: memory to hold a private key; and key derivation logic at least capable of deriving an encryption key from the private key, wherein the encryption logic is at least capable of encrypting the first code key with the encryption key.
21. The system of claim 18, wherein the user-inaccessible storage comprises one of memory formed in the same semiconductor substrate as the encryption logic, or memory coupled to the encryption logic by a system bus.
22. The system of claim 18, wherein the encryption logic at least further capable of encrypting a second code image and a second code key to provide an encrypted second code image and an encrypted second code key if the second code image and the second code key are to be placed in the user-accessible storage, and wherein the decryption logic at least further capable of decrypting the encrypted second code image and the encrypted second code key if the second code image and the second code key are to be placed in the user-inaccessible storage.
23. The system of claim 18, wherein the user-accessible storage comprises one of a fixed non- volatile memory device, or a removable non- volatile memory device.
24. The system of claim 18, wherein the code image comprises one of a code image, a boot code image, a key, or data.
PCT/US2007/064321 2006-04-07 2007-03-19 Method and apparatus to mate an external code image with an on-chip private key WO2007117879A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP07758833A EP2005642A4 (en) 2006-04-07 2007-03-19 Method and apparatus to mate an external code image with an on-chip private key
JP2008553557A JP2009525556A (en) 2006-04-07 2007-03-19 Method and apparatus for matching an external code image to a private key on a chip

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US40076606A 2006-04-07 2006-04-07
US11/400,766 2006-04-07

Publications (1)

Publication Number Publication Date
WO2007117879A1 true WO2007117879A1 (en) 2007-10-18

Family

ID=38581433

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/064321 WO2007117879A1 (en) 2006-04-07 2007-03-19 Method and apparatus to mate an external code image with an on-chip private key

Country Status (4)

Country Link
EP (1) EP2005642A4 (en)
JP (1) JP2009525556A (en)
CN (1) CN101433013A (en)
WO (1) WO2007117879A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009140487A1 (en) * 2008-05-16 2009-11-19 Ati Technologies Ulc Integrated circuit with secured software image and method therefor
CN105046138A (en) * 2015-07-13 2015-11-11 山东超越数控电子有限公司 FT-processor based trust management system and method
WO2016088273A1 (en) * 2014-12-05 2016-06-09 富士通株式会社 Security device and control method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040097717A (en) * 2003-05-13 2004-11-18 펜타시큐리티시스템 주식회사 Method and system for transporting session key
KR20050104220A (en) * 2004-04-28 2005-11-02 주식회사 니츠 Management method and terminal apparatus for management function of secret key

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1593015B1 (en) * 2003-02-03 2018-05-30 Nokia Technologies Oy Architecture for encrypted application installation
JP4691337B2 (en) * 2003-08-26 2011-06-01 パナソニック株式会社 Program execution device, certificate authority device
US7734932B2 (en) * 2003-11-10 2010-06-08 Broadcom Corporation System and method for securing executable code
JP2005227995A (en) * 2004-02-12 2005-08-25 Sony Corp Information processor, information processing method and computer program
EP2267625A3 (en) * 2004-04-19 2015-08-05 Lumension Security S.A. On-line centralized and local authorization of executable files

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040097717A (en) * 2003-05-13 2004-11-18 펜타시큐리티시스템 주식회사 Method and system for transporting session key
KR20050104220A (en) * 2004-04-28 2005-11-02 주식회사 니츠 Management method and terminal apparatus for management function of secret key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2005642A4 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009140487A1 (en) * 2008-05-16 2009-11-19 Ati Technologies Ulc Integrated circuit with secured software image and method therefor
CN102027707A (en) * 2008-05-16 2011-04-20 Ati技术无限责任公司 Integrated circuit with secured software image and method therefor
WO2016088273A1 (en) * 2014-12-05 2016-06-09 富士通株式会社 Security device and control method
JPWO2016088273A1 (en) * 2014-12-05 2017-09-07 富士通株式会社 Security device and control method
CN105046138A (en) * 2015-07-13 2015-11-11 山东超越数控电子有限公司 FT-processor based trust management system and method

Also Published As

Publication number Publication date
CN101433013A (en) 2009-05-13
JP2009525556A (en) 2009-07-09
EP2005642A4 (en) 2011-12-21
EP2005642A1 (en) 2008-12-24

Similar Documents

Publication Publication Date Title
US20090323971A1 (en) Protecting independent vendor encryption keys with a common primary encryption key
US7984301B2 (en) Bi-processor architecture for secure systems
US5828753A (en) Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package
US9230109B2 (en) Trusted platform module security
CN104252881B (en) Semiconductor integrated circuit and system
US7213157B2 (en) Integrated circuit for digital rights management
US8645677B2 (en) Secure remote credential provisioning
US7571329B2 (en) Method of storing unique constant values
US20070223704A1 (en) Method and apparatus for authenticated, recoverable key distribution with no database secrets
US20140016776A1 (en) Establishing unique key during chip manufacturing
US20160026783A1 (en) System, apparatus, and method for anti-replay protection of data stored in a non-volatile memory device
JPH076096A (en) Data storage device
US10248579B2 (en) Method, apparatus, and instructions for safely storing secrets in system memory
JP4964945B2 (en) Support for multiple key ladders using a common private key set
US20080019517A1 (en) Control work key store for multiple data streams
US20110239211A1 (en) System, apparatus, and method for downloading firmware
US10841287B2 (en) System and method for generating and managing a key package
US20070226806A1 (en) Method and apparatus for enhancing cryptographic engines against security attacks
WO2007117879A1 (en) Method and apparatus to mate an external code image with an on-chip private key
US20200356285A1 (en) Password protected data storage device and control method for non-volatile memory
EP3881215B1 (en) Method for providing a secret unique key for a volatile fpga
KR101610182B1 (en) Client terminal security apparatus and method of remote learning data service system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07758833

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2007758833

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2008553557

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 200780012102.3

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE