Downloading of data to secure devices

摘要

An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

主权项

1. A method comprising:
responsive to receiving first data corresponding to a software download, retrieving, by a secure device, personalized unit data and a sequence number stored in a protected memory of the secure device; iteratively executing, by the secure device, a decryption key generation algorithm a number of times based on the sequence number to generate a first decryption key based on the personalized unit data and the sequence number; decrypting, by the secure device, the first data using the first decryption key; and in response to determining, by the secure device, that the decryption of the first data was successful, that the software download was successfully executed by the secure device, or both:
transmitting a confirmation message to a control server for incrementing or decrementing a sequence number associated with the secure device at the control server.