Storage memory unit with a shared nonvolatile memory interface for a radio

    公开(公告)号:US12069123B2

    公开(公告)日:2024-08-20

    申请号:US17871701

    申请日:2022-07-22

    发明人: John A. Nix

    摘要: A storage radio unit (SRU) for a device can include a radio, embedded universal integrated circuit card (eUICC), a processor, an antenna, and nonvolatile memory. The SRU can support standards for removable storage form factors and record a file system for a device. The device can be associated with a service provider and the SRU can be associated with a network provider. The radio can support Narrowband Internet of Things (NB-IoT) standards. The SRU can operate a file system interface (FSI) for the radio, where the device records application data in a file of the FSI. The SRU can attach to a wireless NB-IoT network using credentials recorded in the eUICC. The SRU can read the file of the FSI, and compress, encrypt, and transmit the application data to a network provider via the radio. The network provider can transmit the application data via TLS to the service provider.

    Mutually Authenticated ECDHE Key Exchange for a Device and a Network Using Multiple PKI Key Pairs

    公开(公告)号:US20220131709A1

    公开(公告)日:2022-04-28

    申请号:US17570201

    申请日:2022-01-06

    发明人: John A. Nix

    IPC分类号: H04L9/32 H04L9/30 H04L9/14

    摘要: A device can (i) store public keys Ss and Sn for a network and (ii) record private key sd. A network can record a corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed) mod n. The device can input values for X and Y into an elliptic curve Diffie Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.

    Storage Memory Unit with a Shared Nonvolatile Memory Interface for a Radio

    公开(公告)号:US20210352132A1

    公开(公告)日:2021-11-11

    申请号:US17276818

    申请日:2019-09-17

    发明人: John A. Nix

    摘要: A storage radio unit (SRU) for a device can include a radio, embedded universal integrated circuit card (eUICC), a processor, an antenna, and nonvolatile memory. The SRU can support standards for removable storage form factors and record a file system for a device. The device can be associated with a service provider and the SRU can be associated with a network provider. The radio can support Narrowband Internet of Things (NB-IoT) standards. The SRU can operate a file system interface (FSI) for the radio, where the device records application data in a file of the FSI. The SRU can attach to a wireless NB-IoT network using credentials recorded in the eUICC. The SRU can read the file of the FSI, and compress, encrypt, and transmit the application data to a network provider via the radio. The network provider can transmit the application data via TLS to the service provider.

    ECDHE Key Exchange for Mutual Authentication Using a Key Server

    公开(公告)号:US20210218560A1

    公开(公告)日:2021-07-15

    申请号:US17254849

    申请日:2019-06-27

    发明人: John A. Nix

    IPC分类号: H04L9/08 H04L9/32 H04L9/30

    摘要: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

    An ECDHE Key Exchange for Server Authentication and a Key Server

    公开(公告)号:US20210184842A1

    公开(公告)日:2021-06-17

    申请号:US17253111

    申请日:2019-06-19

    发明人: John A. Nix

    摘要: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PM key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.

    SECURE FIRMWARE TRANSFER FROM A SERVER TO A PRIMARY PLATFORM

    公开(公告)号:US20200162247A1

    公开(公告)日:2020-05-21

    申请号:US16683242

    申请日:2019-11-13

    发明人: John A. Nix

    摘要: A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PM key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.

    DEVICE DEFAULT WIFI CREDENTIALS FOR SIMPLIFIED AND SECURE CONFIGURATION OF NETWORKED TRANSDUCERS

    公开(公告)号:US20190313246A1

    公开(公告)日:2019-10-10

    申请号:US16376998

    申请日:2019-04-05

    发明人: John A. Nix

    摘要: A wireless device with transducers can support remote monitoring and include an 802.11 compatible radio and a set of device default credentials. The device can be installed at a physical location with service from a fixed access point operating with a different set of owner credentials. A mobile phone can (i) scan a tag for the device and download a set of configuration parameters for the device, and (ii) authenticate with a configuration system. The mobile phone can receive the set of device default credentials from the configuration system. The mobile phone can activate a mobile access point using the set of device default credentials. The device can connect with the mobile phone's access point and receive a ciphertext with the owner credentials and a configuration package. The device can apply the configuration package and load the owner credentials in order to connect with the fixed access point.

    Cryptographic unit for public key infrastructure (PKI) operations

    公开(公告)号:US10380362B2

    公开(公告)日:2019-08-13

    申请号:US16362631

    申请日:2019-03-23

    发明人: John A. Nix

    摘要: A module such as an M2M device or a mobile phone can include a removable data storage unit. The removable data storage unit can include a nonvolatile memory, a noise amplifying memory, and a cryptographic unit. The nonvolatile memory can include (i) shared memory for access by both the module and the cryptographic unit, and (ii) protected memory accessible only by the cryptographic unit. The cryptographic unit can use a noise memory interface and noise amplifying operations in order to increase and distribute bit errors recorded in the noise amplifying memory. The cryptographic unit can (i) generate a random number using the noise amplifying memory and (ii) input the random number into a set of cryptographic algorithms in order to internally derive a PM key pair. The private key can be recorded in protected memory and the public key signed by a certificate authority.

    Secure IDS certificate verification for a primary platform

    公开(公告)号:US11979508B2

    公开(公告)日:2024-05-07

    申请号:US17413681

    申请日:2019-12-13

    发明人: John A. Nix

    摘要: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.

    ECDHE key exchange for mutual authentication using a key server

    公开(公告)号:US11909870B2

    公开(公告)日:2024-02-20

    申请号:US18125953

    申请日:2023-03-24

    发明人: John A. Nix

    IPC分类号: H04L9/08 H04L9/30 H04L9/32

    摘要: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.