公开(公告)号：US09590806B2

公开(公告)日：2017-03-07

申请号：US14723411

申请日：2015-05-27

Applicant: NVIDIA CORPORATION

Inventor： Jay Huang ,  Paul Chou ,  Anthony Woo

IPC: H04L9/00 ,  H04L9/08

CPC classification number: G06F21/575 ,  G06F21/602 ,  G06F21/71 ,  G06F21/73 ,  G06F21/74 ,  G06F2221/2107 ,  G09C1/00 ,  H04L9/0822 ,  H04L2209/12

Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

Abstract translation: 本发明的一个实施例包括具有嵌入式私钥提供密钥（KPK）集合的启动只读存储器（ROM），其启用芯片的安全提供。 作为开发芯片的一部分，芯片提供商建立KPK集，并提供对KPK的引导ROM专用访问。 对于每个原始设备制造商（OEM），芯片提供商分配并公开了KPK集合中包含的特定KPK索引的OEM专用KPK。 在接收到安全配置映像和相关联的KPK索引后，引导ROM访问KPK集合以重构KPK，然后解密并执行安全配置映像。 有利的是，这使得制造工厂能够提供芯片，而没有需要向制造工厂公开安全密钥的常规供应方法所带来的安全隐患。

公开(公告)号：US10387653B2

公开(公告)日：2019-08-20

申请号：US15452441

申请日：2017-03-07

Applicant: NVIDIA Corporation

Inventor： Jay Huang ,  Paul Chou ,  Anthony Woo

IPC: H04L9/00 ,  G06F21/57 ,  H04L9/08 ,  G06F21/60 ,  G06F21/73 ,  G09C1/00 ,  G06F21/71 ,  G06F21/74

Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.