Title of invention |
Methods of Securely Changing the Root Key of a Chip, and Related Electronic Devices and Chips |
Abstract |
Disclosed are methods and apparatus for changing a security key on a computer chip that has a CPU, a first OTPROM (OTPROM1) storing a root key of the chip or derivative thereof (RKPUB1), and a second OTPROM (OTPROM2) on which the chip manufacturer stores nothing. A ROM of the chip stores a first software program (SW1). A device manufacturer can take that chip and interface it to a mass memory of a memory block of an electronic device, then execute a second software program (SW2) that is stored on the mass memory only if SW2 is authenticated by SW1 using the RKPUB1. Then a new root key of the chip or derivative thereof (RKPUB2) is provided (via SW2 or a USB connection for example) which is stored to the OTPROM2 via a security service portion of SW1. Thereafter RKPUB2 can be used to authenticate SW2. |
Publication number |
US2014359268(A1) |
Publication date |
2014.12.04 |
Application number |
US201414291430 |
Filing date |
2014.05.30 |
Applicant |
Broadcom Corporation |
Inventors |
JAUHIAINEN Antti;PELLIKKA Vesa;BOSCHER Arnaud;ITO Kenichi;ANTTILA Taina Maria |
Classification codes |
H04L9/08;G06F21/44;G06F21/57 |
Main classification code |
H04L9/08 |
Patent agency |
|
Patent agent |
|
Main claim |
1. A method for changing a security key on a computer chip, the computer chip comprising at least one processor, at least two one-time programmable memory spaces (OTPROMs) of which a first of the one-time programmable memory spaces (OTPROM1) has stored thereon a root key of the chip or a derivative thereof (RKPUB1) and nothing is stored on a second of the one-time programmable memory spaces (OTPROM2), and a read only memory (ROM) having stored thereon a first software program (SW1), the method comprising:
interfacing the chip to electronically communicate with a memory block of an electronic device comprising the memory block, the memory block having at least a mass memory;
only if a second software program SW2 stored on the mass memory is authenticated by the SW1 using the RKPUB1, executing the SW2;
providing a new root key of the chip or a derivative thereof (RKPUB2) which is stored to the OTPROM2 via a security service portion of the SW1; and
using the RKPUB2 to authenticate the SW2 when executing the SW2 after the RKPUB2 is stored to the OTPROM2. |
Address |
Irvine CA US |