发明名称 |
Controlling use of encryption keys |
摘要 |
A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key. |
申请公布号 |
US9479340(B1) |
申请公布日期 |
2016.10.25 |
申请号 |
US201514673585 |
申请日期 |
2015.03.30 |
申请人 |
Amazon Technologies, Inc. |
发明人 |
Miller Derek Del;Potlapally Nachiketh Rao;Patel Rahul Gautam |
分类号 |
H04L29/06;H04L9/32;H04L9/30;G06F21/57 |
主分类号 |
H04L29/06 |
代理机构 |
Kilpatrick Townsend & Stockton LLP |
代理人 |
Kilpatrick Townsend & Stockton LLP |
主权项 |
1. A system-on-chip, comprising:
a processor; a fuse-based memory storing:
information for deriving a first public key for a first asymmetric key pair; andone or more current key version numbers, each associated with a corresponding secondary public key; wherein, in a secure boot process, the processor is configured to:
load a digital certificate that includes a secondary public key for a second asymmetric key pair;authenticate the digital certificate using the first public key;compare a version number for the secondary public key provided by the digital certificate with a corresponding current key version number in the fuse-based memory;if the version number for the secondary public key is lower than the current key version number, determine that the secondary public key is not a trusted public key; andif the version number for the secondary public key is equal to or higher than the current key version number, determine that the secondary public key is a trusted public key; wherein the processor is further configured to:
if the version number for the secondary public key is higher than the current key version number and if an authorization is received from a system administrator or a trusted entity, update the corresponding current key version number in the fuse-based memory to indicate the version number associated with the secondary public key,
wherein the version number for the secondary public key is associated with a secondary public key that has been determined to be a trusted public key by the processor in a secure boot process. |
地址 |
Seattle WA US |