公开(公告)号：US20020152392A1

公开(公告)日：2002-10-17

申请号：US09833005

申请日：2001-04-12

Applicant: Motorola, Inc.

Inventor： Douglas A. Hardy ,  Sherman W. Paskett

IPC: G06F012/14

CPC classification number: G06F21/10 ,  G06F2221/2107 ,  H04L9/0869 ,  H04L9/0877 ,  H04L9/0891

Abstract: Method for securing encryption keys for encrypting software while providing for secure updates of the key for other or updated versions of the software. A First Encryption Key which is used to encrypt an initial software version includes a FIRST SPLIT portion and a TOKEN portion. The FIRST SPLIT portion can be stored in an anti-tamper storage memory of a hardware product and the TOKEN can be stored in external storage medium so that the FIRST SPLIT and the TOKEN are separately provided to separate personnel of the user while the identity of the First Encryption Key is kept secure by remaining in custody of the provider. The user employs the hardware to combine the FIRST SPLIT and TOKEN to generate the First Encryption Key within the hardware to decrypt the encrypted software. To facilitate updates the provider combines the First Encryption Key with a Second Encryption Key to generate an UPDATE SPLIT for updated software which is encrypted with the Second Encryption Key. The UPDATE SPLIT and encrypted updated software are provided to the user who employs the hardware to calculate the Second Encryption Key from the FIRST SPLIT, UPDATE SPLIT and the TOKEN. This allows the identity of the Second Encryption Key to also remain secure in the custody of the provider. The Second Encryption Key which can be sequential or non-sequential with the First Encryption Key, is used within the hardware product to decrypt the encrypted updated software.

Abstract translation: 用于保护用于加密软件的加密密钥的方法，同时为软件的其他或更新版本提供密钥的安全更新。 用于加密初始软件版本的第一加密密钥包括FIRST SPLIT部分和TOKEN部分。 第一分割部分可以存储在硬件产品的防篡改存储器中，并且TOKEN可以被存储在外部存储介质中，使得第一分离器和TOKEN被分别提供给用户的人员， 第一加密密钥保持安全，保留在提供商的保管之下。 用户使用硬件组合FIRST SPLIT和TOKEN来生成硬件内的第一加密密钥来解密加密的软件。 为了便于更新，提供商将第一加密密钥与第二加密密钥相结合，以生成用第二加密密钥加密的更新软件的UPDATE SPLIT。 UPDATE SPLIT和加密的更新软件被提供给使用硬件的用户从FIRST SPLIT，UPDATE SPLIT和TOKEN计算第二加密密钥。 这允许第二加密密钥的身份在提供商的保管中保持安全。 第一加密密钥可以是第一加密密钥的顺序或非顺序，在硬件产品中用于解密加密的更新软件。