Secure provisioning of semiconductor chips in untrusted manufacturing factories
    1.
    发明授权
    Secure provisioning of semiconductor chips in untrusted manufacturing factories 有权
    在不信任的制造工厂安全地提供半导体芯片

    公开(公告)号:US09590806B2

    公开(公告)日:2017-03-07

    申请号:US14723411

    申请日:2015-05-27

    Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

    Abstract translation: 本发明的一个实施例包括具有嵌入式私钥提供密钥(KPK)集合的启动只读存储器(ROM),其启用芯片的安全提供。 作为开发芯片的一部分,芯片提供商建立KPK集,并提供对KPK的引导ROM专用访问。 对于每个原始设备制造商(OEM),芯片提供商分配并公开了KPK集合中包含的特定KPK索引的OEM专用KPK。 在接收到安全配置映像和相关联的KPK索引后,引导ROM访问KPK集合以重构KPK,然后解密并执行安全配置映像。 有利的是,这使得制造工厂能够提供芯片,而没有需要向制造工厂公开安全密钥的常规供应方法所带来的安全隐患。

    Secure provisioning of semiconductor chips in untrusted manufacturing factories

    公开(公告)号:US10387653B2

    公开(公告)日:2019-08-20

    申请号:US15452441

    申请日:2017-03-07

    Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

Patent Agency Ranking