Title of invention: Methods of Securely Changing the Root Key of a Chip, and Related Electronic Devices and Chips
Abstract: Disclosed are methods and apparatus for changing a security key on a computer chip that has a CPU, a first OTPROM (OTPROM1) storing a root key of the chip or derivative thereof (RKPUB1), and a second OTPROM (OTPROM2) on which the chip manufacturer stores nothing. A ROM of the chip stores a first software program (SW1). A device manufacturer can take that chip and interface it to a mass memory of a memory block of an electronic device, then execute a second software program (SW2) that is stored on the mass memory only if SW2 is authenticated by SW1 using the RKPUB1. Then a new root key of the chip or derivative thereof (RKPUB2) is provided (via SW2 or a USB connection for example) which is stored to the OTPROM2 via a security service portion of SW1. Thereafter RKPUB2 can be used to authenticate SW2.
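Application publication number: US2014359268(A1) Application publication date: 2014.12.04
Application number: US201414291430 Filing date: 2014.05.30
Applicant: Broadcom Corporation Inventors: JAUHIAINEN Antti;PELLIKKA Vesa;BOSCHER Arnaud;ITO Kenichi;ANTTILA Taina Maria
Classification: H04L9/08;G06F21/44;G06F21/57 Main classification: H04L9/08
Agency: Agent: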
Principal claim: 1. A method for changing a security key on a computer chip, the computer chip comprising at least one processor, at least two one-time programmable memory spaces (OTPROMs) of which a first of the one-time programmable memory spaces (OTPROM1) has stored thereon a root key of the chip or a derivative thereof (RKPUB1) and nothing is stored on a second of the one-time programmable memory spaces (OTPROM2), and a read only memory (ROM) having stored thereon a first software program (SW1), the method comprising: interfacing the chip to electronically communicate with a memory block of an electronic device comprising the memory block, the memory block having at least a mass memory; only if a second software program SW2 stored on the mass memory is authenticated by the SW1 using the RKPUB1, executing the SW2; providing a new root key of the chip or a derivative thereof (RKPUB2) which is stored to the OTPROM2 via a security service portion of the SW1; and using the RKPUB2 to authenticate the SW2 when executing the SW2 after the RKPUB2 is stored to the OTPROM2.
Address: Irvine CA US