Patent Application
20140219442
Just like the fashion industry, electronic products can be copied and sold as a cheap versions of an original manufacturers' product. In an effort to prevent such dilution of a company's product as well as to prevent the loss of sales, or licensing revenue associated with the product or accessory devices that work with the product, electronic companies have begun to use authentication processes to confirm that their master electronic products connect with and use only authentic, authorized versions of certain complementary components or accessories and vice versa. In some cases, chip authentication can rely on authentication keys that need to be distributed to contract chip manufactures or subsidiary divisions that make chips for a master electronic device, an accessory device or both. The keys can then be further distributed within the chip manufacturer before being integrated into the final product. The distribution of the authentication keys can provide excellent opportunities for authentication keys to be compromised and sold to entities capable of integrating the authentication keys in cheap “knock-offs” that can undermine the revenue, market presence, and the future of an innovative electronic manufacturer or electronic design company.
This document discusses, among other things, a method of distributing authentication keys that can prevent certain forms of circuit fabrication piracy. In an example, a method can include selecting a number of authentication keys for generation at a key generation computer, generating a random number using a random number generator of the key generation computer, generating the number of authentication keys using the random number and a key generation algorithm stored in the memory of the key generation computer, scrambling each of the number of authentication keys using a scrambling routine executing on the key generation computer, and distributing the scrambled authentication keys to an authorized manufacturers.
This section is intended to provide an overview of subject matter of the present patent application. It is not intended to provide an exclusive or exhaustive explanation of the invention. The detailed description is included to provide further information about the present patent application.
In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.
Companies that invent or design electronic devices often have manufacturing facilities located throughout the world to take advantage of a certain regions expertise or low manufacturing costs, for example. In some situations, the company can contract to have certain components or products manufactured. In some situations, the company can design an entire line of electrical products designed to connect with each other and enhance the usability of one or more of the products. Such product lines can be very trend setting and valuable and very attractive for opportunistic entities to make and sell some of the components without authorization of the product line owner.
In the illustrated example, the technology owner can contract with or license other companies or other divisions of the technology owner to fabricate integrated circuits associated with one or more products within a complimentary product line such as interface integrated circuits for a master product and complementary interface integrated circuits for accessory devices configured to couple to the master product and enhance the functionality of the mater product or the user experience of the master product. In certain examples, the chips can be interface chips such as interface chips configured to couple to a communication port of each device.
In certain examples, the technology owner can mandate that whenever a master product couples to an accessory device, an authentication routine takes place to determine whether the accessory is an authorized authentic device and that the master product is an authorized authentic device. To facilitate the authentication process, the technology owner, such as an integrated circuit design company, can generate a number of authentication keys and distribute the keys to the locations where final testing of one or more of the chips used in the master product or the accessories is conducted so that the authentication keys can be saved in memory associated with the chip. In some situations, the authentication keys include one or more master authentication keys, and one or more slave authentication keys. In certain examples, the master authentication keys can be associated with a master product. In certain examples, the slave authentication keys can be distributed to entities associated with designing, fabricating and assembling accessory devices for use with the master device.
Upon connection of an authentic master device with an authentic slave device, one of the devices can provide an authentication challenge to the other device. The authentication challenge can include one or more pieces of challenge data. The challenged device can encrypt the challenge data and return the encrypted challenge data to the other device. The other device can decrypt the challenge data and compare it to expected data to determine whether the challenged device is authentic. If it is determined a device is not an authorized authentic device, the functionality of the challenged device can be ignored by the authentic device in certain examples.
The type of distribution system illustrated in
For opportunistic counterfeiters, obtaining a master authentication key or a authentication key can be very lucrative as they can then provide discount devices that appear to be authentic to a market that is probably paying a premium for a well-engineered and well-fabricated products authorized and quality controlled by the technology owner. Such lower quality counterfeit products can diminish the user experience of the technology owner's products and can deflate the potential market of the technology owner.
In certain examples, scrambled keys and an optional random number (RN) used to descramble the authentication keys can be distributed to integrated circuit (IC) manufacturers 210 for inclusion with authentic integrated circuits. In some examples, a descrambling algorithm can be provided to the IC manufacturers and can be embedded into integrated circuits. In certain examples, during final test of the ICs, one or more authentication keys can be loaded into memory of the integrated circuit, such as non-volatile memory (NVM). In the example of
In certain examples, the scrambling routine or script used to scramble a set of authentication keys can be securely stored as the scrambling routine or script can provide a counterfeiter with the best opportunity to identify the authentication keys and successfully use the authentication keys for fully functional knock-off devices. In certain examples, the scrambling script or routine may need to be accessed to assist in revoking one or more authentication keys. In certain examples, revocation of an authentication key can include electronically distributing revocation information identifying the revoked key. In some examples, a revocation can include sending revocation commands over a network such as a wireless or cellular network to provide the revocation information to one or more master devices. In certain examples, the technology owner can distribute a descrambling circuit design with the authentication keys. The descrambling circuit can be fabricated with each integrated circuit and used to descramble the authentication keys for authenticating the integrated circuit
In certain examples, an integrated circuit can receive a scrambled authentication key and can save the scrambled authentication key in memory for subsequent use in authenticating the integrated circuit with a connected integrated circuit. In such examples, the scrambled authentication key can be unscrambled when read from the memory. In certain examples, the memory can include non-volatile memory. In certain examples, an integrated circuit can receive a scrambled authentication key, can unscramble the scrambled authentication key and can then save the unscrambled authentication key in memory for subsequent use in authenticating the integrated circuit with a connected integrated circuit. In certain examples, integrated circuits can communicate and authenticate with other integrated circuits over a communication network. Such networks can include, wired networks and wireless networks. In some examples, integrated circuits can communicate and authenticate with other integrated circuits over a serial communication network such as a Universal Serial Bus (USB) network.
In Example 1, a method of preventing circuit fabrication piracy can include selecting a number of authentication keys for generation at a key generation computer, generating a random number using a random number generator of the key generation computer, generating the number of authentication keys using the random number and a key generation algorithm stored in the memory of the key generation computer, scrambling each of the number of authentication keys using a scrambling routine executing on the key generation computer, and distributing the scrambled authentication keys to an authorized manufacturers.
In Example 2, the method of Example 1 optionally includes distributing a descrambling circuit design associated with the scrambling routine to the authorized manufacturer.
In Example 3, the number of authentication keys associated with the key generation algorithm of any one or more of Examples 1-2 optionally includes a single master key and one or more slave keys.
In Example 4, the number of authentication keys associated with the key generation algorithm of any one or more of Examples 1-3 optionally includes one or more vendor IDs, wherein one vendor ID of the one or more vendor IDs is configured to identify the authorized manufacturer.
In Example 5, the distributing the scrambled authentication keys to an authorized manufacturer of any one or more of Examples 1-4 optionally includes distributing a vendor ID to the authorized manufacturer.
In Example 6, the method of any one or more of Examples 1-5 optionally includes electronically distributing revocation information identifying a revoked slave key.
In Example 7, a method of preventing circuit fabrication piracy can include receiving a plurality of scrambled authentication keys at an authorized manufacturer from an entity associated with a design of an integrated circuit, wherein the authorized manufacturer is authorized to manufacture the integrated circuit, is authorized to manufacture a master electronic device using the integrated circuit, or is authorized to manufacture an accessory using the integrated circuit, wherein the accessory is configured to couple to the master electronic device, and electronically saving a representation of an authentication key in a memory location of the integrated circuit during a final test stage of the integrated circuit.
In Example 8, the authorized manufacturer is authorized to manufacture the integrated circuit and the method of any one or more of Examples 1-7 optionally includes receiving a descrambling circuit design from the entity.
In Example 9, the method of any one or more of Examples 1-8 optionally includes manufacturing a descrambling circuit according to the descrambling circuit design.
In Example 10, the electronically saving the representation of an authentication key of any one or more of Examples 1-9 optionally includes electronically saving the representation of the authentication key in non-volatile memory of the integrated circuit.
In Example 11, the electronically saving a representation of an authentication key of any one or more of Examples 1-10 optionally includes descrambling the scrambled authentication key using the descrambling circuit to provide the representation of the authentication key to the non-volatile memory for saving.
In Example 12, the embedded integrated circuit of the accessory device of any one or more of Examples 1-9 optionally includes a cryptography circuit, and the method of any one or more of Examples 1-9 optionally includes receiving authentication information at the integrated circuit, and providing encrypted authentication information using the cryptography circuit and an authentication key derived from the representation of the authentication key saved in the non-volatile memory.
In Example 13, the representation of the authentication key of any one or more of Examples 1-12 optionally includes the scrambled authentication key, and the providing encrypted authentication information of any one or more of Examples 1-12 optionally includes retrieving the scrambled authentication key from the non-volatile memory, and descrambling the scrambled authentication key using the descrambling circuit to provide the authentication key to the cryptography circuit.
In Example 14, an accessory for a master electronic device can include a communication port, and an integrated circuit chip coupled to the communication port and configured to receive a scrambled representation of an authentication key, the integrated circuit including a descrambling circuit configured to descramble the scrambled representation of an authentication key to provide the authentication key, non-volatile memory configured to store a representation of the authentication key, and a cryptography circuit configured to receive authentication information and to provide an encrypted authentication key using the authentication information and the authentication key.
In Example 15, the representation of the authentication key of any one or more of Examples 1-14 optionally includes the scrambled representation of the authentication key.
In Example 16, the representation of the authentication key of any one or more of Examples 1-15 optionally includes the authentication key.
In Example 17, the communication port of any one or more of Examples 1-16 optionally includes a Universal Serial Bus (USB) port.
In Example 18, the communication port of any one or more of Examples 1-17 optionally includes a wireless communication port.
The above detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show, by way of illustration, specific embodiments in which the invention can be practiced. These embodiments are also referred to herein as “examples.” All publications, patents, and patent documents referred to in this document are incorporated by reference herein in their entirety, as though individually incorporated by reference. In the event of inconsistent usages between this document and those documents so incorporated by reference, the usage in the incorporated reference(s) should be considered supplementary to that of this document; for irreconcilable inconsistencies, the usage in this document controls.
In this document, the terms “a” or “an” are used, as is common in patent documents, to include one or more than one, independent of any other instances or usages of “at least one” or “one or more.” In this document, the term “or” is used to refer to a nonexclusive or, such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise indicated. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein.” Also, in the following claims, the terms “including” and “comprising” are open-ended, that is, a system, device, article, or process that includes elements in addition to those listed after such a term in a claim are still deemed to fall within the scope of that claim. Moreover, in the following claims, the terms “first,” “second,” and “third,” etc. are used merely as labels, and are not intended to impose numerical requirements on their objects.
The above description is intended to be illustrative, and not restrictive. For example, the above-described examples (or one or more aspects thereof) may be used in combination with each other. Other embodiments can be used, such as by one of ordinary skill in the art upon reviewing the above description. Also, in the above Detailed Description, various features may be grouped together to streamline the disclosure. This should not be interpreted as intending that an unclaimed disclosed feature is essential to any claim. Rather, inventive subject matter may lie in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment. The scope of the invention should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
This application claims the benefit of priority under 35 U.S.C. §119(e) of U.S. Provisional Application Ser. No. 61/762,256, titled, “SECURE CRYPTO KEY GENERATION AND DISTRIBUTION,” filed on Feb. 7, 2013, U.S. and Provisional Application Ser. No. 61/764,865, titled, “SECURE CRYPTO KEY GENERATION AND DISTRIBUTION,” filed on Feb. 14, 2013, each of which are incorporated by reference herein in its entirety.
| Number | Date | Country | |
|---|---|---|---|
| 61762256 | Feb 2013 | US | |
| 61764865 | Feb 2013 | US |
