Title of invention: Programming on-chip non-volatile memory in a secure processor using a sequence number
Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
Publication number: US9589154(B2) Publication date: 2017.03.07
Application number: US201414325266 Filing date: 2014.07.07
Applicant: Acer Cloud Technology Inc. Inventors: Srinivasan Pramila;Princen John
Classification: H04L9/32;G06F21/73;G06F21/71;G06F21/33 Main classification: H04L9/32
Agency: Sheppard, Mullin, Richter & Hampton LLP Agent: Sheppard, Mullin, Richter & Hampton LLP
Principal claim: 1. A method comprising: receiving, using a processor, a request for a device certificate; initializing, using the processor, a state variable in an on-chip writable memory to an initial value in response to a power up event of a device containing the processor; generating, using the processor and a function of a secret seed random number and a sequence number, a cryptographic key pair; identifying a key in the cryptographic key pair, the key comprising one of a public key and a private key in the cryptographic key pair; incrementing, using the processor, the sequence number; generating, using the processor, a first random number as a function of the key and the state variable; creating, using the processor, the device certificate based on the first random number and the request for the device certificate, the device certificate being configured to provide a security signature for accessing protected resources by a secure application.
Address: Sunnyvale CA US