Title of invention: System and method for secure key distribution to manufactured products
Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.
Publication number: US8761401(B2)  Publication date: 2014.06.24
Application number: US200711846045  Filing date: 2007.08.28
Applicant: Motorola Mobility LLC  Inventors: Sprunk Eric J.;Medvinsky Alexander;Qiu Xin;Moskovics Stuart;Chen Liqiang
Classification: H04L9/08;H04L9/00;H04L9/32  Main classification: H04L9/08
Agency:  Agent:
Principal claim: 1. A system for distributing public key infrastructure (PKI) data from a PKI data generating facility to at least one product in a product personalization facility, comprising: PKI data generator hardware configured to generate PKI data for loading onto at least one product, wherein the PKI data generator hardware applies an end-to-end-encryption to at least part of the PKI data followed by a PKI Server (PKIS)-specific encryption to at least part of the PKI data; and a PKI download server coupled to the PKI data generator hardware and configured to receive PKI data transmitted from the PKI data generator hardware, wherein the PKI download server is configured to transfer encrypted PKI data to a PKI server that is coupled to the at least one product, wherein the PKI server is configured to remove the PKIS-specific encryption from the encrypted PKI data and apply a PKIS session key encryption, wherein the PKIS session key encryption uses a session key negotiated with the product through an authenticated key agreement protocol, and wherein the PKI data generator hardware is included in a PKI data generation facility and the at least one product for which the PKI data is configured for loading is located in a product personalization facility which is not part of the PKI data generation facility.
Address: Chicago IL US