公开(公告)号：WO2022194469A1

公开(公告)日：2022-09-22

申请号：PCT/EP2022/053610

申请日：2022-02-15

Applicant: SECURE THINGZ LTD.

Inventor： DUNNE, Peter

IPC: G06F21/57 ,  H04L9/08

Abstract: The invention relates to a method for provisioning a plurality of electronic devices (170) with a respective provisioning data set (150, 150'). Each electronic device (170) comprises a hardware security enclave (170a) providing a secret device master key. The method comprises, in a test provisioning stage: generating at least one test application key in plaintext and encrypting the at least one test application key using a first wrapping key for generating at least one encrypted test application key; encrypting the first wrapping key using the secret device master key for generating an encrypted first wrapping key; provisioning one or more of the plurality of electronic devices with a respective first provisioning data set, wherein the respective first provisioning data set comprises the at least one test application key in plaintext, the at least one encrypted test application key and the encrypted first wrapping key; and testing a security function of the electronic device (170) on the basis of at least a portion of the first provisioning data set (150).

公开(公告)号：WO2022194468A1

公开(公告)日：2022-09-22

申请号：PCT/EP2022/053609

申请日：2022-02-15

Applicant: SECURE THINGZ LTD.

Inventor： WOODRUFF, Tim ,  DUNNE, Peter ,  BOTT, Andrew

IPC: G06F21/57 ,  H04L9/08

Abstract: The invention relates to a provisioning control apparatus (140) configured to be coupled to a provisioning equipment server (160), the provisioning equipment server (160) being electrically connectable with one or more electronic components (170) for provisioning the one or more electronic components (170) with security sensitive provisioning data (150), each electronic component (170) comprising a security enclave and a non-volatile memory. The provisioning control apparatus (140) comprises a processor (141) configured to encrypt the security sensitive provisioning data (150) using a secure vault encryption key for obtaining encrypted security sensitive provisioning data (150). Moreover, the provisioning control apparatus (140) comprises a communication interface (143) configured to securely provide the secure vault encryption key to the provisioning equipment server (160) for storing the secure vault encryption key in the security enclave of the electronic component (170). The communication interface (143) is further configured to provide the encrypted security sensitive provisioning data (150) to the provisioning equipment server (160) for storing the encrypted security sensitive provisioning data in the non-volatile memory of the electronic component (170) and thereby creating a secure vault in the non-volatile memory of the electronic component (170) for securely storing the encrypted security sensitive provisioning data (150).

公开(公告)号：WO2022100937A1

公开(公告)日：2022-05-19

申请号：PCT/EP2021/077733

申请日：2021-10-07

Applicant: SECURE THINGZ LTD.

Inventor： DUNNE, Peter ,  WOODRUFF, Tim

IPC: H04L9/08 ,  H04W12/04

Abstract: The invention relates to a method for provisioning a plurality of electronic devices (170) with a respective provisioning data set (150, 150'), wherein the respective provisioning data set (150, 150') comprises at least one respective cryptographic key. The method comprises; in a development provisioning stage, provisioning one or more of the plurality of electronic devices (170) with the respective provisioning data set (150), wherein in the development provisioning stage the at least one respective cryptographic key has a first key entropy. Moreover, the method comprises, in a production provisioning stage, provisioning one or more of the plurality of electronic devices (170) with the respective provisioning data set (150'), wherein in the production previsioning stage the at least one respective cryptographic key has a second key entropy, wherein the first key entropy is smaller than the second key entropy.

公开(公告)号：WO2022100936A1

公开(公告)日：2022-05-19

申请号：PCT/EP2021/077714

申请日：2021-10-07

Applicant: SECURE THINGZ LTD.

Inventor： DUNNE, Peter ,  ROBERTS, Dominic

IPC: H04L9/08 ,  H04W12/04

Abstract: The invention relates to an apparatus (110) for generating a plurality of provisioning data sets (150, 150') for provisioning a plurality of electronic devices (170), such as chips or microprocessors for electronic equipment. The apparatus (110) comprises a processing circuitry (111) configured to obtain a first provisioning data set (150, 150') for provisioning an electronic device (170) and to generate at least one further provisioning data set (150, 150') for provisioning at least one further electronic device (170) by generating at least one copy of the first provisioning data set (150, 150`). Furthermore, the apparatus (110) comprises a communication interface (113) configured to output the at least one further provisioning data set (150, 150') for provisioning the at least one further electronic device (170). Moreover, the invention relates to a corresponding method for generating a plurality of provisioning data sets (150, 150') for provisioning a plurality of electronic devices (170).