| 摘要 |
To securely configure an electronic circuit and provision a product that includes the electronic circuit, a first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the circuit. A second entity (e.g., an OEM): 1) derives a trust anchor from a code signing public key; 2) embeds the trust anchor in a first circuit copy; 3) causes the first circuit copy to generate a secret key derived from the trust anchor and the embedded secret value(s); 4) signs provisioning code using a code signing private key; and 5) sends the code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second circuit copy and causes it to: 1) generate the secret key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code. The OEM can authenticate the second circuit copy using the first circuit copy and a challenge/response protocol. |
| 主权项 |
1. A circuit configuration and product provisioning method performed by a first entity, a second entity, and a third entity, the method comprising:
embedding, by the first entity, one or more secret values in first and second electronic circuits, wherein each of the first and second electronic circuits includes key derivation logic and secure boot code; generating, by the second entity, a code signing public key, a code signing private key, and a trust anchor; embedding, by the second entity, the trust anchor in the first electronic circuit; activating, by the second entity, the secure boot code, wherein the secure boot code causes the key derivation logic of the first electronic circuit to generate a secret key using a combination of the trust anchor and the one or more embedded secret values, and stores the secret key in the first electronic circuit; signing, by the second entity, provisioning code using the code signing private key, resulting in signed provisioning code that includes the provisioning code and a provisioning code signature; sending, by the second entity, the code signing public key, the trust anchor, and the signed provisioning code to the third entity; embedding, by the third entity, the trust anchor in the second electronic circuit; activating, by the third entity, the secure boot code in the second electronic circuit, wherein the secure boot code causes the key derivation logic of the second electronic circuit to generate the secret key using the combination of the trust anchor and the one or more embedded secret values, stores the secret key in the second electronic circuit, verifies the provisioning code signature of the signed provisioning code using the code signing public key, and when the provisioning code signature is verified, launches the provisioning code on the second electronic circuit; preparing, by the provisioning code on the second electronic circuit, a first signed message that includes a first message that has been signed using the secret key stored in the second electronic circuit, and a first message signature; sending, by the second electronic circuit, at least the first message signature to the second entity; verifying the first signed message by the second entity using the first message signature and the first electronic circuit; receiving, by the second electronic circuit over a channel between the second entity and the second electronic circuit, sensitive provisioning information from the second entity; and storing the sensitive provisioning information on the second electronic circuit. |
