WO2009077511A2 - Method of encrypting chip identifier - Google Patents
Method of encrypting chip identifier Download PDFInfo
- Publication number
- WO2009077511A2 WO2009077511A2 PCT/EP2008/067573 EP2008067573W WO2009077511A2 WO 2009077511 A2 WO2009077511 A2 WO 2009077511A2 EP 2008067573 W EP2008067573 W EP 2008067573W WO 2009077511 A2 WO2009077511 A2 WO 2009077511A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- public
- encryption key
- chip identifier
- chip
- way
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present invention relates to the generation of an encryption key and a public chip identifier for an integrated circuit.
- a set of electronic fuses are provided and set on a chip, at the production stage, which fuses are known as efuses.
- the number of efuses is limited. Of the limited number of efuses, some are used for non-secret technical purposes such as, for example, configuration data, electrical tuning, memory redundancy selection.
- the identification values may be used for public identification and for cryptography. For identification purposes, each chip must have a unique value.
- a chip In the prior art it is known for a chip to be provided with a unique chip identifier, known as the ChipID.
- the ChiplD may be encoded into the chip using some or all of the efuses, and uniquely identifies the chip.
- the unique chip identifier is not a public identifier. Instead, it is known in the art to generate a so-called public chip identifier, known as the public chip ID, based on applying a secure hash algorithm to the ChipID. This protects the chip ID from being publicly distributed, but allows a public unique identification of the chip to be made available. It is also known in the art to generate a master encryption key, known as key Kl, from the ChipID. The encryption key is not a public key.
- each of the public chip ID and the encryption key is generated independently from the ChipID as defined by the efuses. This is possible where the number of efuses, and hence the number of bits in the ChipID, is sufficiently large.
- a method of generating an encryption key and a public chip identifier comprising: applying a first one-way hash function to a chip identifier value to produce the encryption key; and applying a second one-way hash function to the encryption key to produce the public chip identifier.
- the public chip identifier is provided by an efuse.
- the method may further comprise generating a local signature in dependence on the encryption key.
- the public chip identifier may be transmitted in an AT cmd.
- the invention provides an apparatus for generating an encryption key and a public chip identifier, comprising: a first one-way hash function for receiving a chip identifier value and generating an encryption key; and a second one-way hash function for receiving the encryption key and generating the public chip identifier.
- the apparatus may further comprise an efuse for providing the chip identifier value.
- the invention provides an improved technique for generating a secret key and/or a public chip identifier.
- the secret key and/or the public chip identifier are both generated from a single source.
- the single source is the Chip ID.
- Such a technique is particularly advantageous where the Chip ID constitutes a limited number of bits.
- Figure 1 illustrates a technique for generating an encryption key and a public chip identifier
- FIG. 2 illustrates a use of the encryption key
- Figure 3 illustrates a technique for generating an encryption key and a public chip identifier
- Figure 4 illustrates generation of an encryption key and a public chip identifier
- a chip is provided with a set of efuses which define a ChipID, as denoted by reference numeral 104.
- the efuses are set in the chip factory during manufacturing.
- the values represented by the effuses, or at least selected ones of such values, are provided as an input to an advanced encryption standard (AES) functional block denoted by reference numeral 118.
- AES advanced encryption standard
- the efuse values form an input to a first one-way function 106.
- the one-way function generates an encryption key Kl, denoted by reference numeral 108.
- the encryption key Kl is output on a line 114.
- the encryption key Kl further forms an input to a second one-way function 110.
- the one-way function 110 generated a public chip identifier (PCID),denoted by reference numeral 112.
- PCID is output on a line 1 16.
- the first one-way function 106 is applied to a set of bits of the ChipID to produce the encryption key, K 1.
- the first one-way function produces the chip unique secret key, Kl, from the eFuse ChipID (fuse data).
- the purpose of the first one-way function is to deter reverse engineering. A secret key should not be publicly disclosed.
- Kl is used during the life of a chip to effect secure communications or storage, such that the chip can trust the integrity and possibly secrecy of certain values in storage and the integrity and possibly secrecy of certain communications.
- Kl is provided on output line 114 and, in the described example, is then used for generation of a mobile local signature for a mobile device in which the chip is installed.
- the mobile local signature is a cryptographic signature of a data packet, or of a value derived from a data packet, used to ensure that the packet has not been tampered with and that the packet is associated with this chip or this transaction, and not copied from some other chip or transaction.
- FIG. 2 illustrates a block 202 with which the encryption key is generated, which may correspond to one or more elements of Figure 1.
- SHA secure hash algorithm
- AES advanced encryption standard
- a file content is provided on line 204 to an input o the SHA 206.
- the SHA 206 provided an output which forms an input to the AES 208.
- the AES 208 additionally received the encryption key K! from block 202.
- a signature is provided by the AES 208 on line 210.
- Figure 2 serves to illustrate how Kl is used to encrypt a hash of file content.
- Kl serves as a signature of the file content.
- Kl is unique for each mobile, as it is generated on the basis of the unique eFuse ChiplD.
- the file content might be technical operating parameters or program code, or an update to the program code, or information of financial value such as the subscriber identity or information enforcing contractual restrictions on the operation of the mobile device on behalf of a subscriber.
- Some such data should be protected because corrupted or malicious values might impact upon the technical operation of the device and the network, might damage the reputation of the chip manufacturer or network operator, and other such data if corrupted might impact the business model of the network operator or permit fraud.
- the PCID 1 12 is shown as being transmitted one line 116 as part of a command message "AT and".
- the public ChipID is used to identify each device for the purpose of filed service and failure analysis. It is also used for asset tracking and collating device history for each device.
- the two one-way functions are arranged such that a secret value (Kl) is produced first and a public value (PCID) is produced as a function of the secret value.
- Kl secret value
- PCID public value
- the first one-way function 106 serves to obscure the effect of the individual bits of the efuses, and also acts as an expensive operation - for an attacker - which makes it costly to enumerate all possible efuse values.
- the second one-way function 1 10 serves to prevent reverse engineering of the public chip identifier to gain knowledge of the secret key.
- the arrangement thus provides for the secure creation of a secret key and a public ID from a small number of efuses providing the ChipID.
- the small number of efuses may not be sufficient to otherwise provide an independent secret key and a public ID.
- Each of the first and second one-way functions may be implemented in a number of ways.
- the implementation of a first one-way function followed by a second one-way function creates a chain of hashes. Such an arrangement is not scalable, and it is necessary to know ahead of time how many 'random' numbers will be needed.
- Each one-way function may implement encryption of integers, in which negative integers are used for keys and positive integers are used for as a source of entropy.
- the first one-way functional is optional, and not essential.
- the first one-way function when implemented, is selectable, and may be changed or updated.
- a change may be implemented, for example, in case of a compromise or after an unfavorable analysis.
- the method of signature generation illustrated in Figure 2 could also be achieved by appending the secret to the text and forming the hash.
- a nonce could be applied to prevent against pre-computation or dictionary attack, allowing more security from a limited initial source of entropy.
- a nonce can be derived from non-crypto-secure entropy, such as temperature and frequency readings, and possibly radio readings.
- the PCID number could be derived from the eFuse ChipID using a public key.
- the transformation may then be reversed using a private key.
- a random function generates value for a chip identifier, which is used to set the efuses for a chip as denoted by block 304,
- the efuse values are input to an advanced encryption standard (AES) denoted by block 306.
- AES advanced encryption standard
- the block 306 represents the function of block 118 of Figure 1. Thereafter the AES generates an encryption key 310 and a public chip identifier 308.
- Figure 4 illustrates independent generation of the encryption key Kl and the public chip identifier.
- the efuse chip ID is input to a first function 406, which mangles the input.
- An output of the first function 406, which is a mangled EC ⁇ D, is input to a second function 408, which is a secure hash algorithm.
- the output of the secure hash algorithm on line 410 forms the PCID.
- the efuse chip ID is input to a first function 412, which mangles the input.
- An output of the first function 412 which is a mangled ECID, is input to a second function 414, which is a secure hash algorithm.
- the output of the secure hash algorithm on line 416 forms the PCID,
- the effuses are set at the time of manufacture according to the objective that each chip should preferably have a unique value, and that very few chips should possibly have the same value.
- each chip should preferably have a unique value, and that very few chips should possibly have the same value.
- the value is not controlled or influenced by a malicious party.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1010340.6A GB2468086B (en) | 2007-12-14 | 2008-12-15 | Method of encrypting chip identifier |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0724436.1 | 2007-12-14 | ||
GB0724436A GB0724436D0 (en) | 2007-12-14 | 2007-12-14 | Method of encryping chip identifier |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2009077511A2 true WO2009077511A2 (en) | 2009-06-25 |
WO2009077511A3 WO2009077511A3 (en) | 2009-08-27 |
Family
ID=39048124
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2008/067573 WO2009077511A2 (en) | 2007-12-14 | 2008-12-15 | Method of encrypting chip identifier |
Country Status (2)
Country | Link |
---|---|
GB (2) | GB0724436D0 (en) |
WO (1) | WO2009077511A2 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2406246A (en) * | 2003-09-17 | 2005-03-23 | Hewlett Packard Development Co | Secure Provision of Image Data |
EP1645931A1 (en) * | 2004-10-11 | 2006-04-12 | Telefonaktiebolaget LM Ericsson (publ) | Secure loading and storing of data in a data processing device |
US20060129848A1 (en) * | 2004-04-08 | 2006-06-15 | Texas Instruments Incorporated | Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor |
US20070223704A1 (en) * | 2006-03-22 | 2007-09-27 | Ernest Brickell | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
-
2007
- 2007-12-14 GB GB0724436A patent/GB0724436D0/en not_active Ceased
-
2008
- 2008-12-15 WO PCT/EP2008/067573 patent/WO2009077511A2/en active Application Filing
- 2008-12-15 GB GB1010340.6A patent/GB2468086B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2406246A (en) * | 2003-09-17 | 2005-03-23 | Hewlett Packard Development Co | Secure Provision of Image Data |
US20060129848A1 (en) * | 2004-04-08 | 2006-06-15 | Texas Instruments Incorporated | Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor |
EP1645931A1 (en) * | 2004-10-11 | 2006-04-12 | Telefonaktiebolaget LM Ericsson (publ) | Secure loading and storing of data in a data processing device |
US20070223704A1 (en) * | 2006-03-22 | 2007-09-27 | Ernest Brickell | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
Also Published As
Publication number | Publication date |
---|---|
GB2468086A (en) | 2010-08-25 |
GB2468086B (en) | 2012-05-09 |
GB201010340D0 (en) | 2010-08-04 |
GB0724436D0 (en) | 2008-01-30 |
WO2009077511A3 (en) | 2009-08-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9940463B2 (en) | System and method for secure authentication | |
US10581841B2 (en) | Authenticated network | |
RU2399087C2 (en) | Safe data storage with integrity protection | |
US7437574B2 (en) | Method for processing information in an electronic device, a system, an electronic device and a processing block | |
CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
CN1808966B (en) | Safe data processing method and system | |
US7502930B2 (en) | Secure communications | |
US20030236983A1 (en) | Secure data transfer in mobile terminals and methods therefor | |
KR101393806B1 (en) | Multistage physical unclonable function system | |
US20080025514A1 (en) | Systems And Methods For Root Certificate Update | |
CN113114475B (en) | PUF identity authentication system and protocol based on bit self-checking | |
CN106100823B (en) | Password protection device | |
EP3358492B1 (en) | Electronic device with self-protection and anti-cloning capabilities and related method | |
JP2005253041A (en) | System and method for authentication | |
WO2018047120A1 (en) | A system and method for data block modification detection and authentication codes | |
US9860062B2 (en) | Communication arrangement and method for generating a cryptographic key | |
CN116318671A (en) | Offline password generation and verification method | |
WO2009077511A2 (en) | Method of encrypting chip identifier | |
WO2018114574A1 (en) | Method for secure management of secrets in a hierarchical multi-tenant environment | |
US20040153659A1 (en) | Identification module provided with a secure authentication code | |
KR101373576B1 (en) | Des encryption system | |
Wu et al. | Two new message authentication codes based on APN functions and stream ciphers | |
CN116527240A (en) | System and method for flexible post quantum trust provisioning and updating | |
KR20200098162A (en) | Secure implementation of security data of device devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08861493 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 1010340 Country of ref document: GB Kind code of ref document: A Free format text: PCT FILING DATE = 20081215 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1010340.6 Country of ref document: GB |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 08861493 Country of ref document: EP Kind code of ref document: A2 |