Title of invention: System for and method of cryptographic provisioning
Abstract: A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer.
Publication number: US8842836(B2) Publication date: 2014.09.23
Application number: US200812324505 Filing date: 2008.11.26
Applicant: Koolspan, Inc. Inventors: Fascenda Anthony C.; Sturniolo Emil; Cichielo Robert; Benware Paul
Classification: G06F12/14; H04L9/14; G06F21/72; H04L9/08; G06F21/78 Main classification: G06F12/14
Agency: Hunton & Williams LLP Agent: Hunton & Williams LLP
Main claim: 1. A method of provisioning a module with cryptographic parameters, wherein the module comprises a first nonvolatile memory, a second nonvolatile memory, a third nonvolatile memory, and a processor, the method comprising: storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory; and storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, wherein the first program is configured to: generate, within the module and using the processor, a memory protection key and a bootstrap key; encrypt, within the module, the memory protection key using the bootstrap key, whereby encrypting the memory protection key with the bootstrap key generates an encrypted memory protection key and a first authenticator; store, within the first nonvolatile memory, the encrypted memory protection key and the first authenticator; and store, within the second nonvolatile memory, the bootstrap key; and pass the encrypted memory protection key outside the module using a first program command; receiving, via an interface, the encrypted memory protection key as a returned encrypted memory protection key; and storing the returned encrypted memory protection key in a third nonvolatile memory.
Address: Bethesda MD US