-
公开(公告)号:US11683163B2
公开(公告)日:2023-06-20
申请号:US17253111
申请日:2019-06-19
发明人: John A. Nix
CPC分类号: H04L9/0841 , H04L9/006 , H04L9/0662 , H04L9/085 , H04L9/0825 , H04L9/14 , H04L9/3066
摘要: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.
-
公开(公告)号:US11626979B2
公开(公告)日:2023-04-11
申请号:US17717101
申请日:2022-04-10
发明人: John A. Nix
摘要: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.
-
公开(公告)号:US20220239474A1
公开(公告)日:2022-07-28
申请号:US17717101
申请日:2022-04-10
发明人: John A. Nix
摘要: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.
-
公开(公告)号:US20220006625A1
公开(公告)日:2022-01-06
申请号:US17481599
申请日:2021-09-22
发明人: John A. Nix
摘要: A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PKI key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.
-
公开(公告)号:US20210211279A1
公开(公告)日:2021-07-08
申请号:US16980987
申请日:2019-03-14
发明人: John A. Nix
摘要: A device can include an internal secure processing environment (SE) and communicate with a configuration system. The device may utilize a near field communications (NFC) radio. A mobile handset can connect with the SE in the device using NFC. The mobile handset can communicate with the configuration system and receive configuration data and a software package for the device. The SE can derive a PKI key pair and send the derived public key to the configuration system via the mobile handset. The SE and the configuration system can mutually derive an encryption key using the derived PKI key pair. The configuration data can be transmitted over the NFC radio, and the mobile handset can establish a Wi-Fi access point. The software package can be encrypted using the encryption key and transmitted to the device over the established Wi-Fi access point, thereby completing a configuration step for the device.
-
公开(公告)号:US20190220611A1
公开(公告)日:2019-07-18
申请号:US16362631
申请日:2019-03-23
发明人: John A. Nix
CPC分类号: G06F21/62 , G06F21/606 , H04L9/006 , H04L9/0869 , H04L9/3247 , H04L63/0823 , H04W4/60 , H04W4/70 , H04W12/0023 , H04W12/04
摘要: A module such as an M2M device or a mobile phone can include a removable data storage unit. The removable data storage unit can include a nonvolatile memory, a noise amplifying memory, and a cryptographic unit. The nonvolatile memory can include (i) shared memory for access by both the module and the cryptographic unit, and (ii) protected memory accessible only by the cryptographic unit. The cryptographic unit can use a noise memory interface and noise amplifying operations in order to increase and distribute bit errors recorded in the noise amplifying memory. The cryptographic unit can (i) generate a random number using the noise amplifying memory and (ii) input the random number into a set of cryptographic algorithms in order to internally derive a PKI key pair. The private key can be recorded in protected memory and the public key signed by a certificate authority.
-
-
-
-
-
搜索结果
36 条记录 (耗时 0.03 秒)
