Patent Application
20150312228
1. Field
The present invention relates generally to generating derivative keys in a system-on-a-chip (SoC) device.
2. Background
A number of “master keys” are provisioned to a system-on-a-chip (SoC) device very early in the lifecycle of the device. These master keys may be owned by one of a number of separate parties. The ability to generate a specific derivative key from a Master Key is controlled via a PKI-based signing model, where one party, typically the chip supplier, holds a root key. The holder of the root key is able to delegate authority, using a delegate certificate, to a party to create specific derivative keys for their own use, while firewalling the party from other parties. Every derivative key has signed metadata that governs the security policy of each derivative key.
There is therefore a need for a technique for preventing the generation of a duplicate derivative key based on weaker metadata in an SoC device.
An aspect of the present invention may reside in an integrated circuit, comprising: a processor configured to: receive a delegate certificate, wherein the delegate certificate includes a first public key; validate a digital signature of the delegate certificate using a second public key; and generate a derivative key using a secret key securely stored in the integrated circuit and using the first public key as inputs to a key derivation function.
In more detailed aspects of the invention, the first public key may be of a first party, and the secret key may be a master key of the first party. The secret key may be available to the first party and not available to a second party, and a second private key may be of a second party and may not be available to the first party. The first party may be a service provider and/or an original equipment manufacturer. The second party may be a supplier and/or manufacturer of the integrated circuit.
Another aspect of the invention may reside in an integrated circuit, comprising: means for receiving a delegate certificate, wherein the delegate certificate includes signed metadata governing a security policy; means for validating a digital signature of the delegate certificate using a public key; and means for generating a derivative key using a secret key securely stored in the integrated circuit and using the signed metadata as inputs to a key derivation function.
Another aspect of the invention may reside in a remote station, comprising: a processor configured to: receive a delegate certificate having a digital signature; validate a digital signature using a public key; and generate a derivative key using a secret key securely stored in the processor and using the digital signature as inputs to a key derivation function.
Another aspect of the invention may reside in a remote station, comprising: a processor configured to: receive a delegate certificate, wherein the delegate certificate includes a first public key; validate a digital signature of the delegate certificate using a second public key; and generate a derivative key using a secret key securely stored in the processor and using the first public key as inputs to a key derivation function.
The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.
With reference to
In more detailed aspects of the invention, the first public key KPUB1 may be of a first party B 320, and the secret key SK may be a master key MK of the first party 320. The secret key may be available to the first party and not available to a second party A 330, and a private key KPRI2, corresponding to the second public key KPUB2, may be of the second party and may not be available to the first party. The first party may be a service provider and/or an original equipment manufacturer (OEM). The second party may be a supplier and/or manufacturer of the integrated circuit 310. The integrated circuit may be a system-on-a-chip (SoC) device.
In preliminary operations, the first party 320 may send its public key KPUB1 to the second party 330 (step 202). The second party may generate the delegate certificate CERT (step 204), and forward the generated certificate to the first party (step 206).
With further reference to
A method 500 for generating the digital signature CERT SIG for the delegate certificate CERT in a message MSG from the first party 320 is shown in
A method 600 for validating the digital signature CERT SIG of the delegate certificate CERT is shown in
A method for generating the derivative key DK, using the secret key SK securely stored in the SoC device 310 and using the public key KPUB1 of the first party received in the delegate certificate CERT as inputs to the key derivation function KDF, is shown in
Another aspect of the invention may reside in an integrated circuit 102, comprising: means 410 for receiving a delegate certificate CERT, wherein the delegate certificate includes signed metadata governing a security policy; means 410 for validating a digital signature of the delegate certificate using a public key KPUB2; and means for generating a derivative key DK using a secret key SK securely stored in the integrated circuit and using the signed metadata as inputs to a key derivation function.
Another aspect of the invention may reside in a remote station 102, comprising: a processor 410 configured to: receive a delegate certificate CERT having a digital signature; validate the digital signature using a public key KPUB2; and generate a derivative key DK using a secret key SK securely stored in the processor and using the digital signature as inputs to a key derivation function.
Another aspect of the invention may reside in a remote station 102, comprising: a processor 410 configured to: receive a delegate certificate CERT, wherein the delegate certificate includes a first public key KPUB1; validate a digital signature of the delegate certificate using a second public key KPUB2; and generate a derivative key DK using a secret key SK securely stored in the processor and using the first public key as inputs to a key derivation function.
Another aspect of the present invention may reside in a method 200 for deriving a derivative key DK in a system-on-a-chip (SoC) device 310. In the method, the SoC device receives a delegate certificate CERT from a first party 320 (step 210). The delegate certificate includes a public key KPUB1 of the first party, and a digital signature of the delegate certificate is generated based on a private key KPRI2 of a second party. The SoC device validates the digital signature of the delegate certificate using a public key KPUB2 of the second party (step 220). The SoC device generates the derivative key using a secret key SK securely stored in the SoC device and using the public key of the first party as inputs to a key derivation function (KDF) (step 230).
Another aspect of the invention may reside in a computer program product, comprising: computer-readable medium 420, comprising: code for causing a computer to receive a delegate certificate CERT from a first party 320, wherein the delegate certificate includes a public key KPUB1 of the first party, and a digital signature of the delegate certificate is generated based on a private key KPRI2 of a second party 330; code for causing the computer to validate the digital signature of the delegate certificate using a public key KPUB2 of the second party 330; and code for causing the computer to generate a derivative key DK using a secret key SK securely stored in a system-on-a-chip (SoC) device and using the public key KPUB1 of the first party as inputs to a key derivation function.
The key derivation functions (KDF) may be the function(s) defined in NIST Special Publication 800-108, which uses a pseudo random function (PRF) in counter (feedback) mode. Alternatively, the KDF may be the function(s) defined in RFC 5869 or ISO-18033-2.
The delegate certificate CERT may be a compact, shorthand form of a digital certificate. A certificate in accordance with the standard X.509 certificate format and other similar formats have many fields that may not be utilized in the techniques of the invention and that may complicate the implementation of the invention in “pure hardware.”
With reference to
With reference to
The secret key SK may be one of several master keys provisioned in the SoC device. Each master key may be owned by, or may pertain to, a separate party, such as a video service provider, an OEM, etc. A delegate certificate issued to one party should not permit the creation of a delegate key of another party.
With reference to
Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
