公开(公告)号：US11283626B2

公开(公告)日：2022-03-22

申请号：US16331055

申请日：2016-09-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： Gang Lian ,  Sampo Sovio ,  Taisheng Deng ,  Xiaopu Wang ,  Zongbo Ye

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

Abstract: An apparatus including a processor and a memory, where the processor and the memory are configured to provide a secure execution environment and the memory stores a hardware unique key and a class key. The processor is configured to recover, in the secure execution environment, a certificate signing key based on the class key, where the certificate signing key is associated with a certificate authority. The processor is further configured to derive a device key pair based on the hardware unique key, where the device key pair includes a device public key and a device private key, and generate a device certificate based on the device public key and the certificate signing key. The generated device certificate is configured to be validated based on a public key associated with the certificate authority.

公开(公告)号：US20190238342A1

公开(公告)日：2019-08-01

申请号：US16331055

申请日：2016-09-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： Gang Lian ,  Sampo Sovio ,  Taisheng Deng ,  Xiaopu Wang ,  Zongbo Ye

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/3263 ,  H04L9/0894 ,  H04L9/321 ,  H04L63/0823 ,  H04L2209/64 ,  H04L2209/80 ,  H04L2463/061

Abstract: An apparatus including a processor and a memory, where the processor and the memory are configured to provide a secure execution environment and the memory stores a hardware unique key and a class key. The processor is configured to recover, in the secure execution environment, a certificate signing key based on the class key, where the certificate signing key is associated with a certificate authority. The processor is further configured to derive a device key pair based on the hardware unique key, where the device key pair includes a device public key and a device private key, and generate a device certificate based on the device public key and the certificate signing key. The generated device certificate is configured to be validated based on a public key associated with the certificate authority.