Principal claim |
1. A method for provisioning a device unique key between a key generation server and a remote hardware device, comprising:
generating, by the hardware device, the device unique key, wherein the hardware device stores an asymmetric public-private key pair which is also known to the key generation server;
deriving, by the hardware device, a provisioning identifier (ID) and a provisioning key associated with the provisioning ID from the device unique key using one-way functions such that the device unique key cannot be derived from the provisioning ID or the provisioning key;
encrypting, by the hardware device, the provisioning ID and provisioning key using the asymmetric public-private key pair;
sending the encrypted provisioning ID and provisioning key to the key generation server;
decrypting, by the key generation server, the encrypted provisioning ID and provisioning key using the asymmetric public-private key pair and storing the provisioning ID and provisioning key in a provisioning database associated with the key generation server such that the hardware device is provisioned with the device unique key which is never transmitted outside the hardware device. |
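
The derivation and storage steps of the claim, as an added example that is not part of the patent text. It assumes HMAC-SHA256 with two constructed labels as the one-way functions (the claim names no specific function) and leaves out the asymmetric encryption and decryption step, so the message shown is the plaintext the claim encrypts before sending. The conflict check in the server is also an assumption.

```python
import hashlib
import hmac
import secrets

# Assumption: domain-separation labels; the claim only requires one-way functions.
LABEL_ID = b"provisioning-id"
LABEL_KEY = b"provisioning-key"


def derive(device_unique_key: bytes, label: bytes) -> bytes:
    """One-way derivation: HMAC-SHA256 keyed with the device unique key."""
    return hmac.new(device_unique_key, label, hashlib.sha256).digest()


class Device:
    def __init__(self) -> None:
        # Generated on the device and never returned by any method.
        self._device_unique_key = secrets.token_bytes(32)

    def provisioning_message(self) -> dict:
        """Plaintext of what the claim encrypts before sending."""
        return {
            "provisioning_id": derive(self._device_unique_key, LABEL_ID).hex(),
            "provisioning_key": derive(self._device_unique_key, LABEL_KEY).hex(),
        }


class KeyGenerationServer:
    def __init__(self) -> None:
        self.provisioning_db = {}  # provisioning ID -> provisioning key

    def store(self, message: dict) -> None:
        """Store the already decrypted pair; refuse a conflicting re-registration."""
        pid, pkey = message["provisioning_id"], message["provisioning_key"]
        existing = self.provisioning_db.get(pid)
        if existing is not None and not hmac.compare_digest(existing, pkey):
            raise ValueError("provisioning ID already bound to a different key")
        self.provisioning_db[pid] = pkey


def provision(device: Device, server: KeyGenerationServer) -> str:
    """Run one provisioning round and return the provisioning ID."""
    message = device.provisioning_message()
    server.store(message)
    return message["provisioning_id"]
```

Because both values are derived with different labels from the same secret, the device only has to keep the device unique key and can recompute the pair on demand.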