WO2001033768A2 - Apparatus and method for secure field upgradability - Google Patents

Apparatus and method for secure field upgradability Download PDF

Info

Publication number
WO2001033768A2
WO2001033768A2 PCT/US2000/026275 US0026275W WO0133768A2 WO 2001033768 A2 WO2001033768 A2 WO 2001033768A2 US 0026275 W US0026275 W US 0026275W WO 0133768 A2 WO0133768 A2 WO 0133768A2
Authority
WO
WIPO (PCT)
Prior art keywords
component
recited
communication
bit string
enabling functionality
Prior art date
Application number
PCT/US2000/026275
Other languages
French (fr)
Other versions
WO2001033768A3 (en
WO2001033768A9 (en
Inventor
Anders Johnson
Original Assignee
Broadcom Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Broadcom Corporation filed Critical Broadcom Corporation
Priority to EP00973385A priority Critical patent/EP1224766A2/en
Priority to AU11897/01A priority patent/AU1189701A/en
Publication of WO2001033768A2 publication Critical patent/WO2001033768A2/en
Publication of WO2001033768A3 publication Critical patent/WO2001033768A3/en
Publication of WO2001033768A9 publication Critical patent/WO2001033768A9/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Definitions

  • the invention relates to a method and apparatus for selectively and
  • Cryptography is generally defined as the technology of encoding information so that the information itself, upon storage and/or transmission,
  • cryptography can be used to encrypt a
  • cryptography is a type of cryptography where the sender and receiver both have the same key or similar keys, which are used to decode the encrypted
  • public key cryptography is a form of
  • the receiver decrypts the messages through use of the private key.
  • the private key is generally not revealed to anyone other
  • cryptography is symmetric key cryptography, which is often used in computer
  • manufacturers are generally able to manufacture a single product line having a single design and manufacturing cost, wherein the single product is capable
  • Secure for purposes of cryptographic enablement, is generally defined as the point where the cost of obtaining unauthorized access to a
  • the present invention to provide the ability to conduct secure functionality
  • the present invention provides an apparatus for enabling functionality
  • the apparatus includes an identification module
  • a host is provided and is in communication with the identification module, and a guess register in
  • An encryption module is provided
  • a comparator in communication with the encryption module, wherein the public key module has a public key stored therein.
  • the encryption module and the hash function module is provided, such that
  • the comparator may compare a first bit string to a second bit string to
  • the present invention further provides a component for selectively enabling functionality of an electronic device, wherein the component
  • a means for determining if the on board memory has a predefined identification number stored therein.
  • the present invention further provides a method for enabling functionality of an electronic component, wherein the method includes the steps of encrypting a first bit string and a second bit string to generate a third bit string, calculating a fourth bit string, comparing the fourth bit string to the
  • the invention also includes an apparatus for enabling functionality of
  • a host comprising at least one memory, and an encryption module in communication with the at least one memory.
  • processor is in communication with the at least one memory, and a comparing device is in communication with the encryption module and the at least one
  • the comparing device is configured to compare a guess passcode
  • the invention also includes a method for enabling functionality of an
  • bit string and a second bit string to generate an encrypted bit string
  • the guess passcode is compared to the
  • the invention also includes an apparatus for enabling functionality of a component, with the apparatus comprising a comparing device having at
  • the memory has a memory output in communication
  • a guess register is provided for receiving a guess passcode.
  • the guess register has a guess passcode input and a guess passcode output.
  • the guess passcode output is in communication with the comparing device.
  • a host is in communication with the guess register.
  • host is configured to receive and transmit the guess passcode to the guess
  • the memory includes a physical limitation preventing unauthorized extraction of the at least one bit string stored within
  • the invention also includes a method for enabling at least one function
  • the method comprising the steps of storing a component identification number and a key in a non-volatile memory on board the
  • a bit string is then transmitted, composed of the key, to a first
  • the bit string is then compared to the manufacturer's key to generate an enable output.
  • the non-volatile memory is manufactured
  • the invention also includes a method for selectively enabling functionality of an electronic component, with the method comprising the
  • the bit string is compared to the
  • the invention also includes an apparatus for enabling functionality of
  • an electronic component with the apparatus comprising at least one means for storing a bit string, and means for transmitting and receiving information.
  • the means for transmitting and receiving information is in communication with
  • the means for storing are provided for comparing a predefined
  • bit string with a guess bit string The means for comparing being in
  • comparing receives at least two inputs from the at least one means for storing and compares the at least two inputs to determine an enable output for the
  • the invention also includes an apparatus for enabling functionality of a component, with the apparatus comprising a random number generating
  • a host is in communication with the random number generating module, and at least one
  • An encryption module is provided,
  • a comparing device is in communication with the at least one memory.
  • the comparing device compares a first bit string to a second bit string to generate a function enable output for the component.
  • the invention also includes a component for selectably enabling
  • the invention also includes a method for enabling functionality of an electronic component, with the method comprising the steps of generating a
  • the second bit string is then encrypted with a public key to generate a third
  • the third bit string is compared to the first bit string to determine a match.
  • a function enable signal is output, in accordance with the
  • Figure 1 illustrates an exemplary unique key function enabler
  • FIG. 2 illustrates an exemplary secret key function enabler according to the invention
  • Figure 3 illustrates an exemplary public key encryption enabler
  • Figure 4 illustrates an exemplary public key enabler with a random
  • the present invention is directed to an apparatus and method for
  • process is configured to be secure from attack by an unauthorized party.
  • components manufactures a component, such as a network switch, for
  • the network switch may be a single integrated circuit, or a plurality
  • This component could include the basic
  • customers are interested in purchasing a network switch with each of the above noted functions, as some customers may desire to purchase a network switch having only the ability to conduct network switching and filtering
  • a first embodiment of the present invention shown in Figure 1 , is
  • Figure 1 generally illustrates an exemplary configuration of a function enabler 15 of the present
  • the exemplary function enabler 15 is generally positioned on- board the computer or electronic component for which it is configured to
  • Function enabler 15 includes a non-volatile memory 16, which may be in the form of a 96 bit unique unpredictable non ⁇
  • 16 is generally characterized as a memory and/or register wherein the
  • bits/information contained therein are programmed at the factory and are not visible to the user as a result of a physical limitation implemented at the factory.
  • This type of physical limitation generally comprises manufacturing
  • non-volatile memory 16 can be programmed with, for example, a component identification number at the factory. Additionally, non-volatile memory 16 may
  • Non-volatile memory 16 is in communication with an interface 17 through, for example, a
  • non-volatile memory 16 may send
  • Interface 17 is also in communication
  • interface 17 is in communication with an input of a register 19, which
  • guess register 19 is in communication with a first input 20a of a comparator 20.
  • a second input 20b is in communication with non-volatile memory 16 through a one-way connection in the direction of comparator 20.
  • comparator 20 is in communication with a first input 21a of a multiplexer
  • Second input 21 b of multiplexer 21 is in communication with a selection
  • Selection circuit 22 includes an OR gate 23 having an inverted
  • OR gate 23 is in communication with additional non-volatile logic
  • a third input 21 c of multiplexer 21 is in communication with
  • a bonding option circuit 25 which includes an appropriately sized pull up
  • non-volatile memory 16 of function enabler 15 may be preprogrammed at the factory with both a unique component
  • the component is a network switch
  • identification number may be a 32 bit identification number or serial number of the network switch. Furthermore, assuming that non-volatile memory 16
  • the network switch could be a 64 bit field stored in the register, which is generally generated through a random number-type process.
  • network switch desires to enable additional functions of the network switch, the user first must contact the manufacturer, or other party having
  • contacting the manufacturer is generally accomplished through host 18, which determines the identification number associated with the component/network
  • for a password or key also may include an agreement between the user and the manufacturer for the user to compensate the manufacturer for the
  • compensation arrangement may include a transaction that occurs before the functionality is enabled, or alternatively, a transaction that takes place at the
  • a key may be undertaken, for example, through an internet connection, a direct dial data connection, or through a voice telephone call,
  • Host 18 upon receiving the key from the manufacturer, then sends the manufacturers key to interface 17, which transmits the manufacturer's key to register 19.
  • Register 19
  • non-volatile memory 16 transmits the unique key that was
  • Comparator 20 or other
  • comparator 20 sends an enable signal to multiplexer 21 through a first input
  • a second input 21 b of multiplexer 21 receives an input
  • Selection circuit 22 determines whether multiplexer 21 uses the input from comparator 20 or bonding option circuit 25. For example, if the non-volatile memory 16 is programmed, then the additional
  • non-volatile bits 24 may be programmed to a logical "1" and "0" respectively
  • both additional non-volatile bits 24 may programmed to either logical "1 " or "0" such that the enable signal is selected from the bonding option circuit 25. Therefore, the bonding option in
  • the present invention contemplates that in order to detect any errors that may have occurred in the
  • host 18 may be used to determine
  • host 18 may initiate a testing of the enabled functionality to determine if the enablement process was
  • This configuration may be implemented on a component and tied to
  • a single enabler circuit may enable a single function
  • function enabler 15 provides the flexibility for manufacturers to selectively enable a single
  • the manufacturer may simply store an algorithm configured to generate the unique key stored in non-volatile memory 16 during the manufacturing stage.
  • the manufacturer when the manufacturer receives a request from a host for a manufacturers key, the manufacturer can simply determine an
  • key length selection is important to effective operation of the present invention. In selecting an appropriate key length, manufacturers may
  • a media access controller is generally programmed at the
  • Figure 2 has certain advantages over the embodiment of Figure 1 , the
  • the key length be chosen to be sufficiently long to deter a brute force attack, but the key must also be selected to be sufficiently short such that the
  • Figure 2 illustrates an exemplary implementation of symmetric cipher
  • a secret key function enabler 32 includes
  • memory 28 which is not required to be non-volatile memory as used in the previous embodiment.
  • Memory 28 is again used to store a component
  • memory 28 does not store a key of any sort in the present
  • the identification number which, for example, can be a 32 bit number, is transmitted from memory 28 to a hash function module 29.
  • Hash function module 29 is configured to receive the input from memory
  • hash function module 29 is shown as a one-way hash function module, which is also known generally as a
  • cryptographic compression function cryptographic contraction function, a cryptographic message digest, and/or a cryptographic checksum.
  • a one-way hash function is designed to compute a hash value from pre-image inputs.
  • the strength of a one-way hash function is that
  • a one-way hash function is generally
  • hash function module
  • hash function module 29 is
  • hash function module 29 may be utilized to reduce the length
  • hash value generated by hash function module 29 is transmitted to a symmetric
  • cipher encryption module 31 as an input. Another input to a symmetric cipher encryption module 31 is a secret key, which is transmitted to a symmetric
  • the symmetric cipher encryption module 31 is termed the clear text.
  • the encrypted output of the symmetric cipher encryption module 31 is termed the cipher text.
  • encryption module 31 is transmitted to the second input 20b of comparator
  • the first input 20a of comparator 20 is in communication with guess
  • the cipher text generated by symmetric cipher encryption module 31 is compared to the cipher text generated by symmetric cipher encryption module 31
  • comparator 20 to OR gate 23.
  • gate 23 conducts a logical "OR" operation with inputs from comparator 20 and bonding option 25, which was
  • OR gate 23 which is used to initiate the enabling of the desired functionality.
  • a MAC is generally programmed with a unique identification number, which is often the address of the MAC
  • present embodiment can be, for example, a 48 bit MAC address. This 48 bit
  • the unique identification number is
  • the secret key which is generally
  • programmed into the component or MAC at the factory and generally hardcoated can be, for example, 64 bits long, or another length as required
  • This cipher text can be transmitted
  • guess passcode to guess register 19 generally involves the user contacting
  • this process of contacting the manufacturer may be undertaken via the internet, direct dial communications link, or other communications methods. If the guess
  • Public key configurations generally rely on one key for encryption, and a different, but related key for decryption. This
  • the manufacturer can, for example, keep one of the keys secure within the manufacturing facility, while the second key may be stored on
  • Memory 28 communicates the component identification
  • Hash function module 29 which is a necessary component in public key system 31 , unlike
  • secret key function enabler 32 processes the pre-image input and generates
  • hash function module 29 as a module for executing a one way hash function
  • hash value generated by hash function module 29 is transmitted to the second
  • public key module 34 which contains the previously discussed
  • public key for the device therein transmits a public key to public key
  • public key encryption module 35 receives both
  • This cipher text at the output of public key encryption module 35. This cipher text
  • comparator 20 in similar fashion to the previously discussed embodiment,
  • Figure 4 utilizes a random sequence generator 36, which is configured to
  • the encryption process is unavailable for an attacker to utilize in an attack on the component.
  • Figure 4 illustrates the use of a linear feedback
  • the exemplary random sequence generator 36 is configured to
  • generator is to output a random number for use by the random id based
  • the run signal received by random sequence generator 36 is received at a first input of NAND gate 38.
  • the output of NAND gate 38 is transmitted to an input of linear feedback shift
  • LFSR LFSR register
  • the output of the series bank of inverters 39 is in communication with a
  • LFSR 37 generate a random number at the output of random sequence
  • random id based enabler 41 first receives a run signal at
  • the random sequence generator 36 which operates to initiate the generation of the desired random identification number.
  • Hash function module 29 which is once again shown as a one way hash function for exemplary purposes, receives the random number as pre-
  • This hash value is communicated to a second input 20b of
  • random sequence generator 36 The manufacturer, having the private key
  • function module 29 is then transmitted to the first input 20a of comparator 20.
  • Comparator 20 compares the calculated cipher text to the hash value generated by hash function module 29. If the cipher text matches the hash value, an enable signal is transmitted from the output of comparator 20 to an
  • OR gate 23 Another input of OR gate 23 is again connected to a bonding option circuit 25 to generate a manual override of random id based
  • OR gate 23 outputs an enable functionality signal that is
  • enabler of the present invention may be applicable to various electronic

Abstract

Apparatuses and methods for enabling functionality of a component, with the apparatus including such elements as an identification module having an identification number stored therein, and a hash function module in communication with the identification module. A host is provided and is in communication with the identification module, and a guess register is in communication with the host. An encryption module is provided, and is in communication with the guess register. A public key module is in communication with the encryption module. The public key module has a public key stored therein. A comparator is in communication with the encryption module and the hash function module. The comparator may compare a first bit string to a second bit string to generate a function enable output for the component. Various methods and other embodiments of the apparatus are provided, in order to provide secure field upgradability of electronic components.

Description

TITLE OF THE INVENTION:
APPARATUS AND METHOD FOR SECURE FIELD UPGRADABILITY
REFERENCE TO RELATED APPLICATIONS:
This application claims priority of United States Provisional Patent
Application Serial No. 60/162,209 filed on October 29, 1999, United States Provisional Patent Application Serial No. 60/162,157 filed on October 29,
1999, and United States Provisional Patent Application Serial No.60/193,378
filed on March 21 , 2000. The contents of these earlier filed applications are hereby incorporated by reference.
BACKGROUND OF THE INVENTION:
Field of the Invention:
The invention relates to a method and apparatus for selectively and
securely enabling additional functionality of an electronic component not
expressly enabled at the manufacturing or design stages based upon
cryptography principles.
Description of the Related Art:
Cryptography is generally defined as the technology of encoding information so that the information itself, upon storage and/or transmission,
can only be accessed by individuals authorized to utilize the information.
Cryptography has wide ranging application in various fields and
implementations. For example, cryptography can be used to encrypt a
sensitive data file, such as a business plan, so that other parties, such as competitors, even if they gain access to the physical location of the data, cannot take advantage of the content of the data. Additionally, cryptography is regularly used to send and receive secure messages between users via e-
mail, radio transmission, and satellite communications, along with many other
data transmission links. In implementing these types of cryptographic
systems, various "types" of cryptography are used. For example, private key
cryptography is a type of cryptography where the sender and receiver both have the same key or similar keys, which are used to decode the encrypted
message/data. Alternatively, public key cryptography is a form of
cryptography in which each user has a public key and a private key, and
therefore, messages are sent encrypted with the receiver's public key and
the receiver decrypts the messages through use of the private key. Using the public key method, the private key is generally not revealed to anyone other
than the intended users and/or recipients of the information. Another form of
cryptography is symmetric key cryptography, which is often used in computer
transmission related situations, wherein both ends have the same encryption
key, which is used for encryption and decryption.
Furthermore, although general cryptography has been a practiced art
for nearly 100 years, recent advances in computer related technologies have
opened a whole new realm of applications for cryptography. For example,
given current computer technology, cryptographic methods are often implemented in various software applications in order to enable and/or
disable access to selected software and/or hardware functions. However,
software driven cryptographic functions have an inherent degree of vulnerability as a result of their code driven nature.
One particular area where cryptographic methods have been recently used is in the computer hardware enablement field. Although previous
implementations such as physical jumpers and secret registers are effective
from a physical point of view, these methods are unsecured, and therefore,
impractical for most computer applications, as they can easily be bypassed by a clever user. An example of the use of these types of methods is when
manufacturers of electronic/computer components manufacture components
having various ranges of capabilities and options, as evidenced by the
different models of the product. However, in view of the cost associated with
producing multiple variations/models of a product in order to create the range
of capabilities desired by consumers, manufacturers often produce a single
product capable of executing all of the desired functions of the entire product
line. This product is then sold as the "top of the line" model. Then, in order to generate the "lower"' models, the top of the line model is simply sold with
one or more of the features disabled. Therefore, through this technique,
manufacturers are generally able to manufacture a single product line having a single design and manufacturing cost, wherein the single product is capable
of supporting numerous product models in a product line.
This process has a second advantage, as the manufacturer is then
able to offer consumers the option of upgrading their product, without having
to physically exchange the hardware for an upgraded model. Rather, the
manufacturers can simply enable the desired functions of the hardware in order to upgrade the product. However, this advantage comes with an
inherent disadvantage, as a consumer who knows that the product purchased includes disabled upgrades may attempt to enable the additional functionality of the product without the manufacturer's permission, which eliminates or at
least reduces the possibility of the manufacturer obtaining compensation for
the upgraded product. This situation has been attempted to be addressed
through previous functionality enablement methods (jumpers and private registers), however, the vulnerability of these methods has been shown to be
nearly ineffective against a reasonably sophisticated attacker.
Therefore, in view of the vulnerability of previous enablement methods in conjunction with the desired manufacturing methods for electronic/computer related products, it is an object of the present invention
to implement a cryptographic method wherein the secure portions of the
method, e.g. the relevant keys, are implemented in electronic/computer
products. Secure, for purposes of cryptographic enablement, is generally defined as the point where the cost of obtaining unauthorized access to a
component exceeds the cost associated with obtaining authorized access.
More particularly, it is an object of the present invention to implement
cryptographic functions for enabling functionality of electronic/computer
related components, wherein the relevant secure key related information is contained within computer hardware in a non-volatile memory device and not
within a purely software driven configuration. Further still, it is an object of
the present invention to provide the ability to conduct secure functionality
enablement on electronic/computer related components, wherein a public key
for enabling the component is contained onboard and utilized in conjunction with a randomly generated component identifier in order to selectively enable additional functionality of the component. SUMMARY OF THE INVENTION:
The present invention provides an apparatus for enabling functionality
of a component, wherein the apparatus includes an identification module
having an identification number stored therein, and a hash function module
in communication with the identification module. A host is provided and is in communication with the identification module, and a guess register in
communication with the host is provided. An encryption module is provided
and is in communication with the guess register, and a public key module in
communication with the encryption module is provided, wherein the public key module has a public key stored therein. A comparator in communication with
the encryption module and the hash function module is provided, such that
the comparator may compare a first bit string to a second bit string to
generate a function enable output for the component.
The present invention further provides a component for selectively enabling functionality of an electronic device, wherein the component
includes a means for generating an encrypted bit string, a means for
acquiring a guess passcode, and a hash function module in communication
with an on board memory, wherein the on board memory has a predefined identification number stored therein. A means for determining if the
encrypted bit string matches the guess passcode is provided, and a means
for outputting a functionality enable signal is included.
The present invention further provides a method for enabling functionality of an electronic component, wherein the method includes the steps of encrypting a first bit string and a second bit string to generate a third bit string, calculating a fourth bit string, comparing the fourth bit string to the
third bit string, and generating a function enable signal in accordance with the
comparison.
The invention also includes an apparatus for enabling functionality of
a component, with the apparatus comprising at least one memory, and an encryption module in communication with the at least one memory. A host
processor is in communication with the at least one memory, and a comparing device is in communication with the encryption module and the at least one
memory. The comparing device is configured to compare a guess passcode
to a bit string generated by the encryption module in order to generate an
enable output.
The invention also includes a method for enabling functionality of an
electronic component, with the method comprising the steps of enabl ing a first
bit string and a second bit string to generate an encrypted bit string, then
determining a guess passcode. The guess passcode is compared to the
encrypted bit string. A function enable signal is then generated in
accordance with the comparison.
The invention also includes an apparatus for enabling functionality of a component, with the apparatus comprising a comparing device having at
least one input and an output, and a memory for receiving and storing at least
one bit string therein. The memory has a memory output in communication
with the comparing device. A guess register is provided for receiving a guess passcode. The guess register has a guess passcode input and a guess passcode output. The guess passcode output is in communication with the comparing device. A host is in communication with the guess register. The
host is configured to receive and transmit the guess passcode to the guess
register so that the guess passcode can be compared to the at least one bit
string stored in the memory. The memory includes a physical limitation preventing unauthorized extraction of the at least one bit string stored within
the memory.
The invention also includes a method for enabling at least one function
of a component, with the method comprising the steps of storing a component identification number and a key in a non-volatile memory on board the
component. A bit string is then transmitted, composed of the key, to a first
input of a comparing device. A manufacturer's key is transmitted,
corresponding to the component identification number, to a second input of
the comparing device. The bit string is then compared to the manufacturer's key to generate an enable output. The non-volatile memory is manufactured
with a physical limitation for preventing an attacker from extracting
information from the non-volatile memory.
The invention also includes a method for selectively enabling functionality of an electronic component, with the method comprising the
steps of storing a bit string in an onboard memory of a component, then
determining the manufacturer's key. The bit string is compared to the
determined manufacturer's key, and functionality of the component is enabled in accordance with the comparison.
The invention also includes an apparatus for enabling functionality of
an electronic component, with the apparatus comprising at least one means for storing a bit string, and means for transmitting and receiving information.
The means for transmitting and receiving information is in communication with
the means for storing. The means are provided for comparing a predefined
bit string with a guess bit string. The means for comparing being in
communication with the at least one means for storing. The means for
comparing receives at least two inputs from the at least one means for storing and compares the at least two inputs to determine an enable output for the
electronic component.
The invention also includes an apparatus for enabling functionality of a component, with the apparatus comprising a random number generating
module for generating a random number, and a hash function module in
communication with the random number generating module. A host is in communication with the random number generating module, and at least one
memory is in communication with the host. An encryption module is provided,
in communication with the at least one memory. A comparing device is in
communication with the encryption module and the hash function module.
The comparing device compares a first bit string to a second bit string to generate a function enable output for the component.
The invention also includes a component for selectably enabling
functionality of an electronic device, with the component including the various
means noted above.
The invention also includes a method for enabling functionality of an electronic component, with the method comprising the steps of generating a
random number, and calculating a first bit string from the random number. A second bit string is then determined, corresponding to the random number.
The second bit string is then encrypted with a public key to generate a third
bit string. The third bit string is compared to the first bit string to determine a match. A function enable signal is output, in accordance with the
comparison.
BRIEF DESCRIPTION OF THE DRAWINGS:
The objects and features of the invention will be more readily
understood with reference to the following description and the attached drawings, wherein:
Figure 1 illustrates an exemplary unique key function enabler
according to the invention ;
Figure 2 illustrates an exemplary secret key function enabler according to the invention;
Figure 3 illustrates an exemplary public key encryption enabler
according to the invention; and
Figure 4 illustrates an exemplary public key enabler with a random
number generator according to the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS:
The present invention is directed to an apparatus and method for
enabling functionality of an electronic component, wherein the enablement
process is configured to be secure from attack by an unauthorized party. For
purposes of explanation, the present invention will be described with respect to a computer component. However, it is understood that the present
description with regard to a computer component is for explanatory purposes only, and therefore, is in no way limiting upon the present invention, as use
of the present invention with various general electronic components is
expressly contemplated within the scope of the present invention.
As an example of the present invention, a manufacturer of computer
components manufactures a component, such as a network switch, for
example. The network switch may be a single integrated circuit, or a plurality
of components connected together. This component could include the basic
capabilities to conduct packet switching, but also could have the ability to execute optional functions such as filtering, metering, head of line blocking,
stacking, trunking, and/or load balancing, for example. However, not all
customers are interested in purchasing a network switch with each of the above noted functions, as some customers may desire to purchase a network switch having only the ability to conduct network switching and filtering
without the additional features. For this customer, the manufacturer is faced
with two distinct options: first, design and manufacture a separate component
capable of only switching and filtering, and then market and sell this
component to this type or group of customers desiring only these particular features; or second, selling this customer the previously designed and
manufactured component capable of conducting all of the above noted
features, but only enable the features desired by the particular customer. In
this situation, it is nearly always more economical for the manufacturer to sell the customer the component with the capability to conduct all of the functions with certain functions disabled, as designing and manufacturing a separate
component with only the desired functions includes additional design and manufacturing costs which can be avoided by simply using a previously
designed and manufactured component that is capable of at least the desired
functions.
Therefore, in view of this situation, manufacturers regularly design
components with the ability to selectively enable/disable various functionalities of the components, so that a single component can be sold to
a wide range of customers having different component needs. If a customer
desires additional functionality, an upgrade can be offered from the
manufacturer simply by enabling the "dormant" functionality of the
component. However, this flexibility in manufacturing inherently creates opportunity for unauthorized parties to purchase a component with various
features disabled at a lower cost, and thereafter, attempt to enable the full
functionality of the component without authorization from the manufacturer. Further still, this flexibility offers an unauthorized party the potential to
determine a "passcode" for an entire product line or a manufacturer, and
thereafter, market and sell upgrades for that product line without the
manufacturers permission, thereby eliminating the manufacturer from the
upgrade process for a multitude of customers.
A first embodiment of the present invention, shown in Figure 1 , is
configured to minimize the possibility of an unauthorized user being able to
"attack" the component and enable the optional functions of the component
without true authorization from the manufacturer. Figure 1 generally illustrates an exemplary configuration of a function enabler 15 of the present
invention. The exemplary function enabler 15 is generally positioned on- board the computer or electronic component for which it is configured to
enable various functions. Function enabler 15 includes a non-volatile memory 16, which may be in the form of a 96 bit unique unpredictable non¬
volatile register in the present exemplary configuration. Non-volatile memory
16 is generally characterized as a memory and/or register wherein the
bits/information contained therein are programmed at the factory and are not visible to the user as a result of a physical limitation implemented at the factory. This type of physical limitation generally comprises manufacturing
the register such that the contents therein are not readily accessible through
the pins of the component or chip. In the present exemplary embodiment, non-volatile memory 16 can be programmed with, for example, a component identification number at the factory. Additionally, non-volatile memory 16 may
be programmed with a unique key, which can be used to "unlock" or enable
additional functions of the component, if the user inputs a key that
corresponds to the unique key programmed at the factory. Non-volatile memory 16 is in communication with an interface 17 through, for example, a
one way connection, and therefore, non-volatile memory 16 may send
information to interface 17 but not receive information from interface 17 or be
modified by input from interface 17. Interface 17 is also in communication
with a host 18 through, for example, a bi-directional communication. An output of interface 17 is in communication with an input of a register 19, which
is termed a "guess register" in the present exemplary embodiment. An output
of guess register 19 is in communication with a first input 20a of a comparator 20. A second input 20b is in communication with non-volatile memory 16 through a one-way connection in the direction of comparator 20. The output
of comparator 20 is in communication with a first input 21a of a multiplexer
21. Second input 21 b of multiplexer 21 is in communication with a selection
circuit 22. Selection circuit 22 includes an OR gate 23 having an inverted
input, wherein OR gate 23 is in communication with additional non-volatile
memory bits 24. A third input 21 c of multiplexer 21 is in communication with
a bonding option circuit 25, which includes an appropriately sized pull up
resistor 26 and a switch 27.
In operation, for example, non-volatile memory 16 of function enabler 15 may be preprogrammed at the factory with both a unique component
identification number and a unique key. Therefore, for example, assuming that the component is a network switch, the network switch unique
identification number may be a 32 bit identification number or serial number of the network switch. Furthermore, assuming that non-volatile memory 16
constitutes a 96 bit non-volatile register, then the unique key associated with
the network switch could be a 64 bit field stored in the register, which is generally generated through a random number-type process. However,
although a 96 bit non-volatile register having a 32 bit identification number
and a 64 bit unique key therein are presented as the present example,
various other register sizes, as well as key and identification lengths, are
contemplated within the scope of the present invention. When the user of the
network switch desires to enable additional functions of the network switch, the user first must contact the manufacturer, or other party having
access/ability to determine an appropriate passcode, to obtain an appropriate key or password to enable the desired functions of the network switch.
Although the manufacturer is discussed as the party transmitting the passcode to the component, the present invention contemplates that various
other parties are easily substituted for the manufacturer. The function of
contacting the manufacturer is generally accomplished through host 18, which determines the identification number associated with the component/network
switch through communication with non-volatile memory 16 via interface 17. This identification number corresponding to the particular component is then
sent to the manufacturer by host 18, for example, with an accompanying request for a password or key corresponding to the requested additional
functionality of the network switch. Generally, the transmission of the request
for a password or key also may include an agreement between the user and the manufacturer for the user to compensate the manufacturer for the
additional functionality to be enabled in the network switch. This
compensation arrangement may include a transaction that occurs before the functionality is enabled, or alternatively, a transaction that takes place at the
time the password/key is transmitted to the customer. The manufacturer
receives the request information and determines the appropriate
manufacturers key for the particular component and sends this key back to
host 18. This entire process of communicating with the manufacturer in order
to obtain a key may be undertaken, for example, through an internet connection, a direct dial data connection, or through a voice telephone call,
as well as other known communication techniques. Host 18, upon receiving the key from the manufacturer, then sends the manufacturers key to interface 17, which transmits the manufacturer's key to register 19. Register 19
communicates the manufacturers key to the first input 20a of comparator 20.
Additionally, non-volatile memory 16 transmits the unique key that was
initially stored in non-volatile memory 16 during manufacture of the network switch to the second input 20b of comparator 20. Comparator 20, or other
suitable device for comparing numbers, then compares the manufacturers key received from the guess register 19 to the unique key stored in non-volatile
memory 16 to determine if the respective keys match. If the keys match, comparator 20 sends an enable signal to multiplexer 21 through a first input
21 a to multiplexer 21. A second input 21 b of multiplexer 21 receives an input
from selection circuit 22. Selection circuit 22 determines whether multiplexer 21 uses the input from comparator 20 or bonding option circuit 25. For example, if the non-volatile memory 16 is programmed, then the additional
non-volatile bits 24 may be programmed to a logical "1" and "0" respectively
such that the enable signal generated by comparator 20 is selected.
Alternatively, for example, both additional non-volatile bits 24 may programmed to either logical "1 " or "0" such that the enable signal is selected from the bonding option circuit 25. Therefore, the bonding option in
conjunction with the selection circuit offers a manufacturer the flexibility to
selectively enable functionality of the network switch subsequent to the
design phase of manufacturing. Additionally, the present invention contemplates that in order to detect any errors that may have occurred in the
process of enablement of a function, host 18 may be used to determine
whether the process was success. In particular, host 18 may initiate a testing of the enabled functionality to determine if the enablement process was
successful, or alternatively, the output of comparator 20 or multiplexer 21
may be observed by host 18 in order to determine if the function enable
signal was properly generated. This configuration may be implemented on a component and tied to
multiple functions, or alternatively, tied to individual functions of the component. Therefore, a single enabler circuit may enable a single function
or multiple functions, and conversely, multiple enabler circuits may be used
to individually enable a plurality of functions. Therefore, function enabler 15 provides the flexibility for manufacturers to selectively enable a single
function of a component through a secure key, or alternatively, multiple
functions at a time. However, in order to effectively implement this configuration, the manufacturer is generally required to closely monitor the
design and manufacturing phases of the respective components. More particularly, the manufacturer must generally record each unique
manufacturers key programmed into non-volatile memory 16 on every
component, so that when individual users contact the manufacturer for permission to enable additional functionality of components in the users
system, then the manufacturer can readily provide the correct password or
key to be transmitted to guess register 19. As an alternative to storing every
key of every component at the manufacturer, it is also contemplated that the manufacturer may simply store an algorithm configured to generate the unique key stored in non-volatile memory 16 during the manufacturing stage.
Therefore, in this situation, when the manufacturer receives a request from a host for a manufacturers key, the manufacturer can simply determine an
appropriate algorithm to use from the identification number of the component,
calculate the key using the appropriate algorithm, and transmit the key to the user for implementation. This configuration is desirable, as the memory
space required to store each and every key implemented in the
manufacturing phase can be substantial, and is avoided by the algorithm
approach. In addition to monitoring the manufacturing process, the manufacturer must also carefully select the key length. If a sufficiently long
key length is not selected, then an attacker may simply be able to try all
possible key combinations in order to enable the functionality of the
component. This type of attack is referred to as a brute force attack, and will be discussed herein. However, an overly long key is not desirable, as the
computation time necessary to process an overly long key may render the
system inefficient. Additionally, overly long keys increase the necessary on- chip overhead, and therefore, increase the manufacturing cost. Therefore,
key length selection is important to effective operation of the present invention. In selecting an appropriate key length, manufacturers may
consider the available processing power of computers and components, as
well as anticipated computing power in the lifetime of the component, as an
attacker will almost always employ a computer to launch a brute force attack.
In another embodiment of the present invention, as shown in Figure 2,
the necessity to utilize non-volatile memory for enabling functionality of a
component is removed. As such, the requirement of the previous
embodiment to pre-program each and every component at the manufacturing stage with the unique key used to enable additional functions of the
component is eliminated. The embodiment shown in Figure 2 relies upon the
assumption that every component manufactured is associated with a unique
identification and/or property that is not common to any other component. For
example, a media access controller (MAC) is generally programmed at the
manufacturing level, or alternatively, by the user, with a 48 bit address that
is unique to the particular MAC. This unique identification number would be
used in the embodiment of Figure 2 to avoid the problem associated with a person attacking a single component and discovering the passcode for that
single component and using this passcode to enable every other component
in the particular series of components, as the passcode of the embodiment
of Figure 2 is dependent not only upon a secret key stored on-board the component, but also the identification number. This process is generally referred to as symmetric cipher encryption, and is also called secret key
encryption.
Although secret key encryption such as that which is illustrated in
Figure 2 has certain advantages over the embodiment of Figure 1 , the
security of secret key/symmetric cryptosystems is dependent upon two things:
first, the relative strength of the encryption algorithm employed; and second,
the bit length of the key used. Therefore, assuming that a relatively strong
algorithm is employed in a secret key system, the vulnerability of the system is again a function of the key length, as the most efficient method of breaking
the system would likely be through a brute force attack on the system. In
order for an attacker to put forth such an attack, only a small portion of ciphertext along with the corresponding plaintext is needed to begin.
Thereafter, the attacker simply attempts every possible passcode
combination until the correct passcode is found. This process is generally
accomplished through the use of a computer programmed to try every possible passcode. As such, the time needed to determine a passcode is
clearly dependent upon both the computing speed of the attackers computer
as well as the length of the key, which plainly determines the number of possible combinations. Therefore, if the key selected for the system were an
8 bit key, then there would be only 256 possible passcode combinations,
which a standard computer could guess in a fraction of a second. However,
as the key length increases, the number of combinations obviously increases,
which plainly serves to decrease the possibility of "guessing" the passcode through a brute force attack. Although no passcode is guaranteed to be
secure, as any length passcode can eventually be guessed with enough time,
if a key is sufficiently long, it is unfeasible to attempt to guess the passcode
through a brute force approach. For example, if a 56 bit key is employed,
then there are 2 possible passcode combinations. With this many possible
keys, a computer attempting 1 million keys a second would likely take 2,285
years to find the correct key. If the key were increased to 64 bits long, then
the same computer would take about 585,000 years to guess the passcode.
Therefore, again, assuming a relatively strong algorithm, if the key is chosen to be sufficiently long in view of the available computing power, then the secret key system will likely be successful, as a brute force attack would be unfeasible in view of the required time to guess the key. Further, not only
must the key length be chosen to be sufficiently long to deter a brute force attack, but the key must also be selected to be sufficiently short such that the
computation time involved with using the key is not overwhelming. Therefore,
again, the selection of the key length should be based primarily upon the
available computing power, both presently and in the expected lifetime of the key.
Figure 2 illustrates an exemplary implementation of symmetric cipher
encryption using a secret key and a identification number in the present
invention. In this embodiment, a secret key function enabler 32 includes
memory 28, which is not required to be non-volatile memory as used in the previous embodiment. Memory 28 is again used to store a component
identification number, as discussed above, which may be selected by the
user, however, memory 28 does not store a key of any sort in the present
exemplary embodiment. The identification number, which, for example, can be a 32 bit number, is transmitted from memory 28 to a hash function module 29. Hash function module 29 is configured to receive the input from memory
28, which is termed a pre-image input, which in the embodiment of Figure 2,
represents the component's identification number, and output a hash value.
In the present exemplary embodiment hash function module 29 is shown as a one-way hash function module, which is also known generally as a
cryptographic compression function, cryptographic contraction function, a cryptographic message digest, and/or a cryptographic checksum.
A one-way hash function is designed to compute a hash value from pre-image inputs. However, the strength of a one-way hash function is that
it is easy to compute a hash value from pre-image inputs, but extremely
difficult to compute the pre-image inputs that will computationally hash to a particular hash value. Additionally, a one-way hash function is generally
collision free, which indicates that it is difficult to generate different pre-image
inputs that will hash to the same hash value. Further, a one-way hash
function is generally public, and therefore, there is generally very little
secrecy to the process. As such, the security of a one-way hash function lies within the "one-way" function characteristics of the hash function and not the
availability of the hash function. More particularly, the output of a one-way
hash function not dependent upon the input in any discemable way, and
therefore, if a single bit in the pre-image changes, then, on average, half of the hash value bits are expected to change. Therefore, even if an attacker
is given a hash value, it is computationally unlikely that the attacker will be
able to determine the pre-image inputs to a one-way hash function that
generate the hash value within a reasonable time period.
However, in the present exemplary embodiment, hash function module
29 is an optional feature of the invention, as this module can be removed from the embodiment without substantially degrading the operational
characteristics of the invention. Nonetheless, hash function module 29 is
implemented in the present exemplary embodiment in order to increase the functional security of the system, as well as allowing the option of reducing the sheer size of the pre-image input. This is a practical decision, however,
as pre-image inputs are often lengthy, and therefore, it is often desirable to reduce the bit size of the inputs for encryption. Although a 128 bit field, for example, is generally not unusually long for many encryption applications, it
may be computationally burdensome for smaller/less powerful applications,
and therefore, hash function module 29 may be utilized to reduce the length
of the bit stream in order to save computation time and resources. Further, with regard to the increased functional security of the system, the use of the hash function within the embodiment of Figure 2 additionally operates to deter
an attacker from compromising the system using the known "chosen cipher
text" attack. Generally , an example of the chosen cipher text attack is when an
attacker of the component sends dummy cipher text to the manufacturer under the guise of a genuine customer attempting to upgrade a component.
The manufacturer, assuming that it is not discovered that the attacker is
posing as a genuine customer, decrypts the cipher text and returns the
corresponding clear text. Although the returned clear text does not readily
reveal the decryption key, attackers may select the dummy cipher text
cleverly so that the returned clear text reveals substantial information about
the undiscovered key, which may lead the attacker ultimately to discover the key through alternative computational means. However, through the
implementation of the one way hash function into the present invention the
chosen cipher text attack becomes difficult to successfully accomplish, as the
attacker must also determine the input to the hash function that generates the cipher text, which is an inherently difficult task in and of itself.
Returning to the exemplary embodiment shown in Figure 2, the hash value generated by hash function module 29 is transmitted to a symmetric
cipher encryption module 31 as an input. Another input to a symmetric cipher encryption module 31 is a secret key, which is transmitted to a symmetric
cipher encryption module 31 from secret module 30. The hash value input to
the symmetric cipher encryption module 31 is termed the clear text. The
encrypted output of the symmetric cipher encryption module 31 is termed the cipher text. The cipher text generated at the output of the symmetric cipher
encryption module 31 is transmitted to the second input 20b of comparator
20. The first input 20a of comparator 20 is in communication with guess
register 19, which is supplied with the guess passcode for enabling the
desired functionality of the component by host 18. Therefore, the cipher text generated by symmetric cipher encryption module 31 is compared to the
guess passcode inserted into guess register 19 by host 18. If comparator 20
determines that the cipher text from symmetric cipher encryption module 31
matches the guess passcode, then an enable signal is sent from the output
of comparator 20 to OR gate 23. Or gate 23 conducts a logical "OR" operation with inputs from comparator 20 and bonding option 25, which was
discussed with regard to the previous embodiment. Therefore, if either one
of secret key function enabler 32 or bonding option 25 indicates that the
functionality is to be enabled, then an enable signal is transmitted from the
output of OR gate 23, which is used to initiate the enabling of the desired functionality.
An example of the operation of secret key function enabler is illustrated
by the MAC mentioned above. In particular, a MAC is generally programmed with a unique identification number, which is often the address of the MAC
itself. Therefore, the unique identification number stored in memory 28 of the
present embodiment can be, for example, a 48 bit MAC address. This 48 bit
address may be transmitted as pre-image information to a one-way hash function module 29, for example. The unique identification number is
processed by a one-way hash function to generate a hash value of a
predetermined length at the output of hash function module 29. This output is then combined with an additional pre-image information in the form of a secret key received from secret key module 30, and received as an input to
symmetric cipher encryption module 31. The secret key, which is generally
programmed into the component or MAC at the factory and generally hardcoated, can be, for example, 64 bits long, or another length as required
by the user. These inputs are processed by symmetric cipher encryption module 31 and encrypted to generate cipher text at the output of the
symmetric cipher encryption module 31. This cipher text can be transmitted
to a second input of comparator 20 for comparison with a "guess passcode" supplied to guess register 19 by the user. The process of supplying the
guess passcode to guess register 19 generally involves the user contacting
the manufacturer or other party having control over passcodes, often through
host 18, to obtain a valid passcode to enter into guess register 19. As noted
above with respect to the previously discussed embodiment, this process of contacting the manufacturer may be undertaken via the internet, direct dial communications link, or other communications methods. If the guess
passcode matches the cipher text supplied to comparator 20, then an enable signal is generated at the output of comparator 20. This enable signal is
transmitted to an input of OR gate 23, where a logical "or" operation is
conducted with the output of symmetric cipher encryption module 31 and
bonding option circuit 25. Therefore, if either of symmetric cipher encryption
module 31 or bonding option circuit 25 yield an enable signal, then the
corresponding functionality of the MAC is enabled, as a logical "1", which may correspond to an enable signal, will be generated at the output of the OR
gate 23.
Since a symmetric cipher encryption process is reversible by definition, an embodiment representing the reverse encryption process is shown in
Figure 3. In this figure, encryption is conducted on the output of register 19
and not hash function module 29. Further a public key encryption
configuration is used. Public key configurations generally rely on one key for encryption, and a different, but related key for decryption. This
implementation renders it generally computationally unfeasible to determine
the decryption key given only knowledge of the cryptographic algorithm and
the encryption key. Further, current public key encryption configurations are
capable of using either of the two related encryption keys for the encryption
and decryption processes. As such, it is not necessary to undertake the
expense associated with protecting the confidentiality of one of the keys.
Therefore, the manufacturer can, for example, keep one of the keys secure within the manufacturing facility, while the second key may be stored on
board a component in a physical location that, for example, may be accessible to an attacker without substantial effort. Although an attacker may be able to extract the on-board key from the component, it will be essentially useless for purposes of enabling the functionality of a component without
being able to determine the corresponding secret key held by the
manufacturer. This configuration provides an advantage over the previous
embodiments, as the manufacturer has complete control over the security of
the key held within the manufacturing facility, and therefore, need not worry about preventing an attacker from being able to extract an on board key from
a component. This reduces design phase problems and decreases
manufacturing costs, as the additional design and manufacturing costs
associated with protecting an on board key are eliminated.
Returning to the exemplary embodiment shown in Figure 3, host 18 is
again in communication with memory 28, which contains an identification number that may correspond to the component to be enabled by public key
encryption device 33. Memory 28 communicates the component identification
number to hash function module 29 as a pre-image input. Hash function module 29, which is a necessary component in public key system 31 , unlike
secret key function enabler 32, processes the pre-image input and generates
a hash value at an output of hash function module 29. Figure 3 illustrates
hash function module 29 as a module for executing a one way hash function,
as this type of function offers greater security against attackers. The hash value generated by hash function module 29 is transmitted to the second
input 20b of comparator 20. Further, host 18 also obtains a guess passcode
that is transmitted to guess register 19. This guess passcode, as noted in the previous embodiments, is generally obtained from the manufacturer. The passcode is then transmitted as clear text to public key encryption module 35.
Additionally, public key module 34, which contains the previously discussed
public key for the device therein, transmits a public key to public key
encryption module 35. As such, public key encryption module receives both
the guess passcode and the public key as clear text inputs. These two inputs are processed/encrypted by public key encryption module 35 to generate
cipher text at the output of public key encryption module 35. This cipher text
is transmitted to the first input 20a of comparator 20. Comparator 20 then
compares the cipher text received from public key encryption module 35 representing the guess passcode to the hash value generated by hash function module 29 representing the identification number of the component.
If comparator 20 determines that these two values match, then an enable
signal is output from comparator 20 indicating that public key encryption
device 33 has determined that the guess passcode is authentic and that the
corresponding functionality of the component should be enabled. The output
of comparator 20, in similar fashion to the previously discussed embodiment,
is transmitted to an input of OR gate 23, while another input of OR gate 23 is connected to the output of a bonding option circuit 25. Therefore, the
manufacturer has the option of enabling the functionality of the component
even if the public key or other information relevant to the enabling process was not programmed into the component at the manufacturing or design
stages of the component.
In another exemplary embodiment of the present invention, shown in
Figure 4, the identification number discussed in the previous embodiments is eliminated from the configuration. In place of the identification number and
the device for storing such in the previous embodiments, the embodiment of
Figure 4 utilizes a random sequence generator 36, which is configured to
generate a random sequence of bits of a predetermined length. These
randomly generated bits essentially correspond to the identification number
used in the previous embodiments, however, since the random bits are generated on board, the need to program these bits into the component at the
design and/or manufacturing stage is eliminated for the manufacturer.
Further, since these bits are not programmed into the chip, another factor in
the encryption process is unavailable for an attacker to utilize in an attack on the component.
Aside from the lack of the identification number being stored on board
the component, the embodiment of Figure 4 is essentially identical to the
previously discussed public key encryption device 33. Therefore, in view of the discussion of the components of the public key encryption device 33, the
discussion of the embodiment of Figure 4 will focus upon the random
sequence generator 36. Furthermore, the substitution of a secret key scheme
of Figure 2 in place of the shown public key scheme is anticipated within the
scope of the present invention. Although various configurations and devices are known as acceptable random number generators for cryptographic
purposes, the embodiment of Figure 4 illustrates the use of a linear feedback
shift register (LFSR) 37 in conjunction with a ring oscillator configuration 40 in order to generate the desired random number. However, it would be understood by those skilled in the art that various alternative apparatuses and devices for generating the desired random number could be employed in
place of the a linear feedback shift register 37 and the ring oscillator configuration 40 without departing from the scope of the present invention.
Generally, the exemplary random sequence generator 36 is configured to
receive a run signal at an input to the generator. This input indicates that the
generator is to output a random number for use by the random id based
enabler 41. After receiving a run signal and generating the desired random number, the random number is transmitted to the input of hash function
module 29 as pre-image information. Additionally, the random number is
communicated to host 18. More particularly, the run signal received by random sequence generator 36 is received at a first input of NAND gate 38. The output of NAND gate 38 is transmitted to an input of linear feedback shift
register (LFSR) 37, as well as to the input of a series bank of inverters 39.
The output of the series bank of inverters 39 is in communication with a
second input of NAND gate 38. As a result of the exemplary configuration shown in Figure 4, upon receiving a run signal at the input to random sequence generator 36, the cooperative operation of ring oscillator 40 and
LFSR 37 generate a random number at the output of random sequence
generator 36. In operation, random id based enabler 41 first receives a run signal at
the input to the random sequence generator 36, which operates to initiate the generation of the desired random identification number. Once this random
number is generated, it is transmitted to both hash function module 29 and
host 18. Hash function module 29, which is once again shown as a one way hash function for exemplary purposes, receives the random number as pre-
image input and generates a hash value at the output of hash function
module 29. This hash value is communicated to a second input 20b of
comparator 20. Additionally, host 18, upon receiving the random number
from to random sequence generator 36, contacts the manufacturer to obtain a guess passcode corresponding to the random number generated by
random sequence generator 36. The manufacturer, having the private key
corresponding to the public key of random id based enabler 41 , generates a guess passcode corresponding to the public key of random id based enabler
41 from the private key and an encryption/decryption algorithm. The guess passcode generated by the manufacturer is then transmitted to host 18.
Upon receiving the guess passcode from the manufacturer corresponding to the to random number generated by the random sequence generator 36,
host 18 transmits the guess passcode to guess register 19. Guess register
19 transmits the guess passcode to public key encryption module 35 as clear
text, where the guess passcode is then encrypted with the public key stored
in public key module 34 to generate cipher text at the output of public key encryption module 35. This cipher text, which, if the key obtained from host
18 is authentic, is calculated to match the hash value output from hash
function module 29, is then transmitted to the first input 20a of comparator 20.
Comparator 20 compares the calculated cipher text to the hash value generated by hash function module 29. If the cipher text matches the hash value, an enable signal is transmitted from the output of comparator 20 to an
input of OR gate 23. Another input of OR gate 23 is again connected to a bonding option circuit 25 to generate a manual override of random id based
enabler 41 if required. Upon processing the inputs from comparator 20 and bonding option circuit 25, assuming that at least one of these inputs is a
logical high signal, OR gate 23 outputs an enable functionality signal that is
used to initialize enablement of the corresponding functionality.
Upon consideration of the random id based enabler 41 of the
embodiment of Figure 4, it is apparent that the need for programming/designing a unique component identification into every
component is removed by the embodiment of Figure 4. However, in the
configuration shown in Figure 4, the component would likely require re- enablement upon every startup of the component, as every startup would
generate a new random number from random sequence generator 36 that would not correspond to the previously acquired guess passcode. Therefore,
although the embodiment of Figure 4 may require additional processing steps
upon initialization in order to fully enable the component, these additional processing steps strengthen the security provided by the present exemplary embodiment, as a brute force attacker would be required to re-attack the
component in order to re-enable the functionality.
Although the present invention has been described based upon the
above noted embodiments, it would be apparent to those of skilled in the art
that certain modifications, variations, and/or alternative constructions or configurations would be available, while remaining within the spirit and scope
of the invention. In particular, although specific components and algorithms
are mentioned above with regard to the exemplary embodiments, it is contemplated within the scope of the present invention that the function
enabler of the present invention may be applicable to various electronic
components in various configurations. Further, various cryptographic
algorithms may be used in the present invention without departing from the true scope of the present invention. Therefore, in order to determine the true
scope of the present invention, reference should be made to the following
claims.

Claims

Claims:
1. An apparatus for enabling functionality of a component, said
apparatus comprising:
an identification module, said identification module having an
identification number stored therein; a hash function module in communication with said identification module;
a host in communication with said identification module;
a guess register in communication with said host; an encryption module in communication with said guess register; a public key module in communication with said encryption module,
said public key module having a public key stored therein; and
a comparator in communication with said encryption module and said
hash function module, wherein said comparator compares a first bit string to a second bit string to generate a function enable output for the component.
2. An apparatus for enabling functionality of a component as
recited in claim 1 , wherein said identification module further comprises an onboard non-volatile register.
3. An apparatus for enabling functionality of a component as
recited in claim 1 , wherein said hash function module further comprises a
one-way hash function module configured to receive a pre-image input and output a hash value using a one-way hash function algorithm.
4. An apparatus for enabling functionality of a component as recited in claim 1 , wherein said encryption module further comprises a public
key encryption module, said public key encryption module being configured
to receive the public key and a guess passcode as inputs and generate a
ciphertext bit string as an output.
5. An apparatus for enabling functionality of a component as
recited in claim 1 , wherein said apparatus further comprises a selecting device for selecting at least one of the function enable output and a bonding option output.
6. An apparatus for enabling functionality of a component as
recited in claim 5, wherein said selecting device further comprises an OR gate having at least one input for receiving said function enable output and the bonding option output.
7. An apparatus for enabling functionality of a component as
recited in claim 6, said apparatus further comprising a bonding option circuit, said bonding option circuit comprising;
a pull up resistor in communication with said OR gate and a power
supply; and a switch in communication with a ground potential and said OR gate.
8. An apparatus for enabling functionality of a component as recited in claim 5, wherein said selecting device further comprises:
a multiplexer having at least one multiplexer input in communication
with the comparator and a multiplexer output;
a selection circuit in communication with the at least one multiplexer input; a bonding option circuit in communication with the at least one
multiplexer input,
wherein said multiplexer is configured to receive a selection input from
the selection circuit that is used to determine whether to enable functionality of said component in accordance with the bonding option output or the function enable output.
9. An apparatus for enabling functionality of a component as
recited in claim 5, wherein said selecting device further comprises: at least one first non-volatile memory location having at least one first
selection bit stored therein;
at least one second non-volatile memory location having at least one
second selection bit stored therein; and an OR gate having a first input, a second inverted input, and a logic
output, said first input being in communication with said at least one first non-
volatile memory location and said second inverted input being in
communication with said at least one second non-volatile memory location, wherein said selection circuit is configured to generate a selection
indicator on the logic output of the OR gate in accordance with the at least
one first selection bit and said at least one second selection bit.
10. An apparatus for enabling functionality of a component as
recited in claim 1 , wherein said first bit string further comprises a ciphertext bit string generated by the encryption module.
11. An apparatus for enabling functionality of a component as
recited in claim 1 , wherein said second bit string further comprises a hash value generated by said hash function module.
12. An apparatus for enabling functionality of a component as
recited in claim 1 , wherein said component further comprises at least one of
a network switch and a media access controller.
13. A component for selectively enabling functionality of an electronic device, said component comprising:
means for generating an encrypted bit string;
means for acquiring a guess passcode;
a hash function module in communication with an on board memory, said on board memory having a predefined identification number stored
therein; means for determining if the encrypted bit string matches the guess passcode; and
means for outputting a functionality enable signal.
14. A component for selectively enabling functionality of an
electronic device as recited in claim 13 wherein said means for generating an
encrypted bit string further comprises:
a public key encryption module; a public key module in communication with said public key encryption
module, said public key module having a public key stored therein; and
a guess register in communication with said public key encryption
module, wherein said public key encryption module receives the guess passcode from the guess register and the public key from the public key module in order to generate a ciphertext bit string.
15. A component for selectively enabling functionality of an
electronic device as recited in claim 13, wherein said means for acquiring a
guess passcode comprises:
a host in communication with said means for generating an encrypted
bit string; an identification module in communication with said host, wherein said host is configured to communicate with a manufacturer
of the component to request the guess passcode corresponding to an identification number stored in said identification module.
16. A component for selectively enabling functionality of an electronic device as recited in claim 13, wherein said hash function module
further comprises:
an on board memory, said on board memory having an identification
number stored therein; and a one-way hash function module in communication with said on board
memory, wherein said one-way hash function module receives an identification
number from said on board memory and generates a corresponding hash
value therefrom.
17. A component for selectively enabling functionality of an
electronic device as recited in claim 13, wherein said means for determining further comprises a comparator.
18. A component for selectively enabling functionality of an electronic device as recited in claim 13, wherein said means for outputting
comprises:
a bonding option circuit; and
an OR gate in communication with said bonding option circuit and said means for determining,
wherein said OR gate receives an input from at least one of said
bonding option circuit and said means for determining and generates the
functionality enable signal therefrom.
19. A component for selectively enabling functionality of an electronic device as recited in claim 13, wherein said electronic device further
comprises at least one of a network switch and a media access controller.
20. A method for enabling functionality of an electronic component, said method comprising the steps of:
encrypting a first bit string and a second bit string to generate a third
bit string;
calculating a fourth bit string; comparing the fourth bit string to the third bit string; and
generating a function enable signal in accordance with the
comparison.
21. A method for enabling functionality of an electronic component as recited in claim 20, wherein said encrypting step further comprises the
steps of:
receiving a public key in an encryption module; receiving a guess passcode in the encryption module; and encrypting the public key and the guess passcode to generate a
ciphertext bit string.
22. A method for enabling functionality of an electronic component
as recited in claim 20, wherein said calculating step further comprises: receiving an identification number in a hash function module; and
generating a hash value corresponding to the identification number.
23. A method for enabling functionality of an electronic component
as recited in claim 20, wherein said comparing step further comprises:
receiving the fourth bit string representing a hash value and the third bit string representing a cipher text bit string in at least one input of a
comparator; and determining if the fourth bit string matches the third bit string.
24. A method for enabling functionality of an electronic component as recited in claim 20, wherein said generating step further comprises the
step of selecting at least one of a bonding option output and the function
enable signal as a final enable output.
25. A method for enabling functionality of an electronic component
as recited in claim 24, wherein said selecting step further comprises the steps
of: transmitting the bonding option output to an OR gate as a first input;
transmitting the function enable signal to the OR gate as a second
input; and generating the final enable output from the OR gate in accordance with the first and second inputs.
26. A method for enabling functionality of an electronic component
as recited in claim 20, wherein said encrypting step further comprises the step of determining a guess passcode.
27. A method for enabling functionality of an electronic component
as recited in claim 26, wherein said determining step comprises the steps of:
requesting the guess passcode from a manufacturer;
calculating the guess passcode in accordance with a predetermined algorithm; and
transmitting the guess passcode to an on board host.
28. A method for enabling functionality of an electronic component as recited in claim 27, wherein said requesting step further comprises the steps of contacting a manufacturer through at least one of an internet
connection, a telephone voice call, and a direct dial connection.
29. A method for enabling functionality of an electronic component
as recited in claim 20, wherein said electronic component further comprises at least one of a network switch and a media access controller.
30. An apparatus for enabling functionality of a component, said
apparatus comprising:
at least one memory;
an encryption module in communication with said at least one memory;
a host processor in communication with said at least one memory; and
a comparing device in communication with said encryption module and said at least one memory, wherein said comparing device is configured to compare a guess passcode to a bit string generated by said encryption module in order to
generate an enable output.
31. An apparatus for enabling functionality of a component as recited in claim 30, said apparatus further comprising a hash function module in communication with said at least one memory and said encryption module.
32. An apparatus for enabling functionality of a component as
recited in claim 31 , wherein said at least one memory further comprises:
at least one register in communication with said hash function module
for storing at least one of a component identification number and a secret key; and
a guess register in communication with said host processor and said
comparing device.
33. An apparatus for enabling functionality of a component as recited in claim 32, wherein said at least one register further comprises:
a first register in communication with said host processor and said
hash function module, said first register storing a component identification bit
string therein; and
a second register in communication with said hash function module,
said second register storing a predetermined secret key therein.
34. An apparatus for enabling functionality of a component as
recited in claim 31 , wherein said hash function module further comprises a one-way hash function module, said one way hash function module being
configured to receive at least one pre-image input and calculate a hash value therefrom.
35. An apparatus for enabling functionality of a component as
recited in claim 34, wherein said one way hash function module is further
configured to receive a secret key as a first pre-image input and an
identification number as a second pre-image input.
36. An apparatus for enabling functionality of a component as
recited in claim 31 , wherein said encryption module further comprises a
symmetric cipher encryption module, said symmetric cipher encryption
module being configured to receive a hash value from said hash function module as clear text, and generate a ciphertext bit string at an output from the
clear text.
37. An apparatus for enabling functionality of a component as
recited in claim 30, wherein said apparatus further comprises a device for
selecting at least one of the enable output and a bonding option output.
38. An apparatus for enabling functionality of a component as
recited in claim 37, wherein said device for selecting further comprises:
an OR gate having at least one input for receiving said enable output
and a gate output; and a bonding option circuit in communication with said OR gate.
39. An apparatus for enabling functionality of a component as
recited in claim 38, wherein said bonding option circuit further comprises:
a pull up resistor in communication with said OR gate and a power
supply; and a switch in communication with a ground potential and said OR gate.
40. An apparatus for enabling functionality of a component as recited in claim 37, wherein said device for selecting further comprises:
a multiplexer in communication with said comparing device;
a selection circuit in communication with said multiplexer; and
a bonding option circuit in communication with said multiplexer.
41. An apparatus for enabling functionality of a component as
recited in claim 40, wherein said bonding option circuit further comprises: a pull up resistor in communication with said multiplexer and a power
supply; and
a switch in communication with a ground potential and said multiplexer.
42. An apparatus for enabling functionality of a component as
recited in claim 40, wherein said selection circuit further comprises:
at least one first non-volatile memory location having at least one first
selection bit stored therein;
at least one second non-volatile memory location having at least one second selection bit stored therein; and
an OR gate having a first input, a second inverted input, and a logic
output, said first input being in communication with said at least one first non¬
volatile memory location and said second inverted input being in
communication with said at least one second non-volatile memory location,
wherein said selection circuit is configured to generate a selection
indicator on the logic output of the OR gate in accordance with the at least
one first selection bit and said at least one second selection bit.
43. An apparatus for enabling functionality of a component as recited in claim 30, wherein said comparing device comprises a comparator.
44. An apparatus for enabling functionality of a component as
recited in claim 30, wherein said component comprises at least one of a
network switch and a media access controller.
45. A method for enabling functionality of an electronic component,
said method comprising the steps of: encrypting a first bit string and a second bit string to generate an
encrypted bit string; determining a guess passcode; comparing the guess passcode to the encrypted bit string; and
generating a function enable signal in accordance with the
comparison.
46. A method for enabling functionality of an electronic component as recited in claim 45, wherein said encrypting step further comprises the
steps of:
receiving the first bit string in an encryption module;
receiving the second bit string in the encryption module; and encrypting the first bit string and the second bit string to generate a
ciphertext bit string.
47. A method for enabling functionality of an electronic component
as recited in claim 46, wherein said step of receiving a first bit string further
comprises the steps of: transmitting an identification bit string to a hash function module; calculating a hash value based on the identification bit string; and
transmitting the hash value to the encryption module.
48. A method for enabling functionality of an electronic component as recited in claim 46, wherein said step of receiving a second bit string
further comprises receiving a secret key.
49. A method for enabling functionality of an electronic component
as recited in claim 45, wherein said determining step further comprises the steps of: requesting the guess passcode from a manufacturer;
calculating the guess passcode in accordance with a predetermined
algorithm; and transmitting the guess passcode to an on board host.
50. A method for enabling functionality of an electronic component
as recited in claim 49 wherein said requesting step further comprises the
steps of contacting a manufacturer through at least one of an internet connection, a telephone voice call, and a direct dial connection.
51. A method for enabling functionality of an electronic component
as recited in claim 45, wherein said comparing step further comprises the
steps of: storing the guess passcode in a guess register, said guess register
being in communication with a comparator; comparing the guess passcode to the encrypted bit string;
determining if the guess passcode matches the encrypted string; and outputting the function enable signal if a match is determined.
52. A method for enabling functionality of an electronic component as recited in claim 45, said method further comprising the step of selecting at least one of a bonding option output and the function enable signal as a final output.
53. A method for enabling functionality of an electronic component as recited in claim 52, wherein said selecting step further comprises the steps
of:
transmitting a first selection enable bit string to a first input of an OR gate; transmitting a second selection bit string to a second inverted input of
the OR gate;
conducting a logical OR operation on the first selection enable bit
string and the second enable bit string to determine a selection result; and transmitting the selection result to a multiplexer.
54. A method for enabling functionality of an electronic component
as recited in claim 52, wherein said selecting step further comprises the steps
of: transmitting the bonding option output to an OR gate as a first input;
transmitting the function enable signal to the OR gate as a second
input; and generating the final output from the OR gate in accordance with the
first and second inputs.
55. A component for selectively enabling functionality of an electronic device, said component comprising:
means for encrypting a bit string to generate a ciphertext bit string; means for acquiring a guess passcode; means for determining if said ciphertext bit string matches said guess
passcode; and
means for outputting a functionality enable signal.
56. A component for selectively enabling functionality of an
electronic device as recited in claim 55, wherein said means for encrypting
further comprises: a symmetric cipher encryption module; means in communication with said symmetric cipher encryption module
for generating a cleartext bit string; and a secret key module in communication with said symmetric cipher
encryption module.
57. A component for selectively enabling functionality of an electronic device as recited in claim 56, wherein said means for generating
a cleartext bit string further comprises:
an identification module having an identification number stored therein;
and a hash function module in communication with said identification
module and said symmetric cipher encryption module,
wherein said hash function module is configured to receive the
identification number as an input and generate a hash value as an output to be received by said symmetric cipher encryption module as the cleartext bit
string.
58. A component for selectively enabling functionality of an electronic device as recited in claim 55, wherein said means for acquiring a
guess passcode comprises: a host in communication with said means for encrypting; and
a guess register in communication with said host, wherein said host is configured to communicate with a manufacturer
of the component to request the guess passcode corresponding to a
particular electronic device to be enabled.
59. A component for selectively enabling functionality of an
electronic device as recited in claim 55, wherein said means for determining
further comprises a comparator.
60. A component for selectively enabling functionality of an
electronic device as recited in claim 55, wherein said means for outputting
further comprises: an OR gate in communication with said means for determining; and
a bonding option circuit in communication with said OR gate,
wherein said OR gate is configured to output the functionality enable
signal determined in accordance with an input from the means for determining and an input from the bonding option circuit.
61. A component for selectively enabling functionality of an
electronic device as recited in claim 55, wherein said electronic device
comprises at least one of a network switch and a media access controller.
62. An apparatus for enabling functionality of a component, said apparatus comprising: a comparing device having at least one input and an output; a memory for receiving and storing at least one bit string therein, said
memory having a memory output in communication with said comparing device;
a guess register for receiving a guess passcode therein, said guess
register having a guess passcode input and a guess passcode output, said guess passcode output being in communication with said comparing device;
and a host in communication with said guess register,
wherein said host is configured to receive and transmit the guess
passcode to the guess register so that the guess passcode can be compared to the at least one bit string stored in said memory, and wherein said memory
includes a physical limitation preventing unauthorized extraction of the at
least one bit string stored within said memory.
63. An apparatus for enabling functionality of a component as
recited in claim 62, wherein said memory further comprises a non-volatile register.
64. An apparatus for enabling functionality of a component as recited in claim 63, wherein said non-volatile register further comprises a 96
bit register configured to receive a 32 bit identification and a 64 bit function
enable key.
65. An apparatus for enabling functionality of a component as recited in claim 62, wherein said memory further comprises a memory located
on board said component and programmed during manufacturing of said component with a component identification number and a function enable key.
66. An apparatus for enabling functionality of a component as recited in claim 65, wherein said function enable key further comprises a
string of at least 64 bits selected by a manufacturer of said component and
stored in said memory during a manufacturing process.
67. An apparatus for enabling functionality of a component as recited in claim 62, said apparatus further comprising: a multiplexer having at least one multiplexer input , in communication
with the output of said comparing device, and a multiplexer output;
a selection circuit in communication with said at least one multiplexer input; a bonding option circuit in communication with said at least one
multiplexer input,
wherein said multiplexer is configured to receive a selection input from said selection circuit that is used to determine whether to enable functionality
of said component in accordance with a bonding option output or the output
of the comparing device.
68. An apparatus for enabling functionality of a component as
recited in claim 67, wherein said selection circuit further comprises:
at least one first non-volatile memory location having at least one first selection bit stored therein; at least one second non-volatile memory location having at least one second selection bit stored therein; and an OR gate having a first input, a second inverted input, and a logic output, said first input being in communication with said at least one first non¬
volatile memory location and said second inverted input being in
communication with said at least one second non-volatile memory location.
69. An apparatus for enabling functionality of a component as
recited in claim 67, wherein said bonding option circuit further comprises: at least one pull up resistor having a first end and a second end, said
first end being in communication with said at least one multiplexer input and said second end being in communication with a voltage supply; and
a switch in communication with said at least one multiplexer input and a ground reference potential.
70. An apparatus for enabling functionality of a component as
recited in claim 62, wherein said comparing device further comprises a
comparator.
71. An apparatus for enabling functionality of a component as
recited in claim 62, wherein said component comprises at least one of a network switch and a media access controller.
72. A method for enabling at least one function of a component, said method comprising the steps of:
storing a component identification number and a key in a non-volatile memory on board said component;
transmitting a bit string composed of the key to a first input of a
comparing device ; transmitting a manufacturer's key corresponding to the component identification number to a second input of the comparing device; and
comparing the bit string to the manufacturers key to generate an
enable output, wherein said non-volatile memory is manufactured with a physical
limitation for preventing an attacker from extracting information from said non¬
volatile memory.
73. A method for enabling at least one function of a component as
recited in claim 72, wherein said method further comprises the steps of:
generating a bonding option output; and
selecting at least one of the bonding option output and the enable output for use in enabling functionality of the component.
74. A method for enabling at least one function of a component as
recited in claim 73, wherein said selecting step further comprises the steps
of: transmitting a first selection enable bit string to a first input of an OR
gate;
transmitting a second selection bit string to a second inverted input of
the OR gate; conducting a logical OR operation on the first selection enable bit
string and the second enable bit string to determine a selection result; and
transmitting the selection result to a multiplexer.
75. A method for enabling at least one function of a component as recited in claim 72, wherein said step of transmitting a manufacturers key further comprises the steps of: transmitting the component identification number to the manufacturer;
determining the manufacturers key that corresponds to the component
identification number of the component;
transmitting the determined manufacturers key to a host on board the
component; and transmitting the determined manufacturers key to a guess register via
an interface.
76. A method for enabling at least one function of a component as recited in claim 75, wherein the determining step further comprises the steps
of: receiving the component identification number; and
searching through a database to locate the manufacturers key
corresponding to the component identification number.
77. A method for enabling at least one function of a component as
recited in claim 75, wherein the determining step further comprises the steps
of: receiving the component identification number; and
calculating a manufacturers key corresponding to the component
identification number through the use of a predefined algorithm.
78. A method for selectively enabling functionality of an electronic
component, said method comprising the steps of: storing a bit string in an onboard memory of a component; determining a manufacturers key;
comparing the bit string to the determined manufacturers key; and enabling functionality of the component in accordance with the comparison.
79. A method for selectively enabling functionality of an electronic
component as recited in claim 78, wherein said storing step further comprises storing a unique bit string in a non-volatile memory having a physical
limitation manufactured therein to prevent unauthorized extraction of the bit
string.
80. A method for selectively enabling functionality of an electronic
component as recited in claim 78, wherein the step of storing the bit string further comprises: storing a unique component identification number in the memory; and
storing a predetermined cryptographic key in the memory.
81. A method for selectively enabling functionality of an electronic
component as recited in claim 80, wherein both of said storing steps are
accomplished during a manufacturing stage of the component.
82. A method for selectively enabling functionality of an electronic
component as recited in claim 78, wherein said determining step further
comprises: requesting a manufacturers key from a manufacturer; and
receiving the manufacturers key from the manufacturer.
83. A method for selectively enabling functionality of an electronic component as recited in claim 82, wherein said requesting step is conducted
through an internet connection using at least one host processor.
84. A method for selectively enabling functionality of an electronic component as recited in claim 82, wherein said requesting step is conducted through voice communication.
85. A method for selectively enabling functionality of an electronic
component as recited in claim 78, wherein said determining step further
comprises indexing into a database of manufacturers keys with a component
identification to determine the manufacturers key corresponding to the component identification.
86. A method for selectively enabling functionality of an electronic
component as recited in claim 78, wherein said determining step further comprises calculating the manufacturers key based upon a component identification in accordance with a predetermined algorithm.
87. A method for selectively enabling functionality of an electronic
component as recited in claim 86, wherein said calculating step further
comprises calculating the manufacturers key with a predefined cryptographic
algorithm.
88. A method for selectively enabling functionality of an electronic
component as recited in claim 78, wherein said comparing step further
comprises: transmitting the bit string representing both a component identification
number and a predetermined cryptographic key to a first input of a
comparator; transmitting the manufacturers key to a second input of the
comparator; and comparing the bit string to the manufacturers key to determine a match; and outputting an enable signal if a match is determined.
89. A method for selectively enabling functionality of an electronic component as recited in claim 88, wherein said enabling step further
comprises:
receiving the enable signal at a first input of a multiplexer; receiving a bonding option signal at a second input of the multiplexer;
receiving a selection input at a third input of the multiplexer; determining to use at least one of the enable signal and the bonding
option signal; and
outputting a final enable signal from the multiplexer in accordance with the determination.
90. An apparatus for enabling functionality of an electronic
component, said apparatus comprising: at least one means for storing a bit string;
means for transmitting and receiving information, said means for
transmitting and receiving information being in communication with said
means for storing; and
means for comparing a predefined bit string with a guess bit string,
said means for comparing being in communication with said at least one
means for storing, wherein said means for comparing receives at least two inputs from
said at least one means for storing and compares the at least two inputs to determine an enable output for the electronic component.
91. An apparatus for enabling functionality of an electronic
component as recited in claim 90, wherein said at least one means for storing
further comprises: a non-volatile memory in communication with said means for
transmitting and receiving and said means for comparing; and a guess register in communication with said means for transmitting and
receiving and said means for comparing.
92. An apparatus for enabling functionality of an electronic component as recited in claim 91 , wherein said means for transmitting and
receiving information further comprises: an interface in communication with said at least one means for storing;
and a host processor in communication with said interface,
wherein said host processor is configured to communicate with external devices in order to receive a guess passcode.
93. An apparatus for enabling functionality of an electronic
component as recited in claim 91 , wherein said means for comparing further
comprises a comparator having at least one input and an output, said at least
one input being configured to receive the bit string from said non-volatile
memory and a guess passcode from said guess register.
94. An apparatus for enabling functionality of an electronic
component as recited in claim 90, said apparatus further comprising: a multiplexer in communication with said means for comparing; a bonding option circuit in communication with said multiplexer; and selection circuit in communication with said multiplexer.
95. An apparatus for enabling functionality of an electronic component as recited in claim 94, wherein said bonding option circuit further
comprises: at least one pull up resistor in communication with multiplexer and a
voltage supply; and a switch in communication with said multiplexer and a ground reference potential.
96. An apparatus for enabling functionality of an electronic component as recited in claim 94, wherein said selection circuit further
comprises: at least one first non-volatile memory location having at least one first
selection bit stored therein; at least one second non-volatile memory location having at least one
second selection bit stored therein; and an OR gate having a first input, a second inverted input, and a logic
output, said first input being in communication with said at least one first non¬
volatile memory location and said second inverted input being in
communication with said at least one second non-volatile memory location, wherein said selection circuit is configured to generate a selection
indicator on the logic output of the OR gate in accordance with the at least one first selection bit and said at least one second selection bit.
97. An apparatus for enabling functionality of an electronic component as recited in claim 90, wherein said electronic component further comprises at least one of a network switch and a media access controller.
98. An apparatus for enabling functionality of a component, said
apparatus comprising:
a random number generating module for generating a random number; a hash function module in communication with said random number
generating module; a host in communication with said random number generating module;
at least one memory in communication with said host; an encryption module in communication with said at least one memory;
and a comparing device in communication with said encryption module and
said hash function module, wherein said comparing device compares a first bit string to a second
bit string to generate a function enable output for the component.
99. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said hash function module further comprises a one-way hash function module configured to receive a pre-image input and
output a hash value using a one-way hash function algorithm.
100. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said encryption module further comprises a public key encryption module, said public key encryption module being configured
to receive a public key and a guess passcode from said at least one memory as inputs and generate a ciphertext bit string as an output.
101. An apparatus for enabling functionality of a component as recited in claim 98, wherein said at least one memory further comprises:
a guess register in communication with said host and said encryption
module, said guess register being configured to receive a guess passcode from said host; and
a public key module in communication with said encryption module, said public key module being configured to store a public key therein.
102. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said random number generating module further
comprises: a linear feedback shift register in communication with said hash function module;
a NAND gate in communication with said linear feedback shift register; and at least one inverter in communication with said linear feedback shift
register and said NAND gate,
wherein said NAND gate is configured to receive an activation pulse
and said linear feedback shift register is configured to output a random number.
103. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said apparatus further comprises a selecting
device for selecting at least one of the function enable output and a bonding option output.
104. An apparatus for enabling functionality of a component as recited in claim 103, wherein said selecting device further comprises an OR gate having at least one input for receiving the function enable output and the
bonding option output.
105. An apparatus for enabling functionality of a component as recited in claim 104, said apparatus further comprising a bonding option
circuit, said bonding option circuit comprising;
a pull up resistor in communication with said OR gate and a power supply; and
a switch in communication with a ground potential and said OR gate.
106. An apparatus for enabling functionality of a component as recited in claim 103, wherein said selecting device further comprises:
a multiplexer having at least one multiplexer input in communication with the comparing device and a multiplexer output;
a selection circuit in communication with the at least one multiplexer
input;
a bonding option circuit in communication with the at least one
multiplexer input,
wherein said multiplexer is configured to receive a selection input from the selection circuit that is used to determine whether to enable functionality
of said component in accordance with the bonding option output or the function enable output.
107. An apparatus for enabling functionality of a component as
recited in claim 106, wherein said selection circuit further comprises: at least one first non-volatile memory location having at least one first selection bit stored therein; at least one second non-volatile memory location having at least one
second selection bit stored therein; and
an OR gate having a first input, a second inverted input, and a logic output, said first input being in communication with said at least one first non-
volatile memory location and said second inverted input being in
communication with said at least one second non-volatile memory location, wherein said selection circuit is configured to generate a selection
indicator on the logic output of the OR gate in accordance with the at least one first selection bit and said at least one second selection bit.
108. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said first bit string further comprises a ciphertext bit string generated by the encryption module.
109. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said second bit string further comprises a hash
value generated by said hash function module.
110. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said comparing device further comprises a comparator.
111. An apparatus for enabling functionality of a component as
recited in claim 98, wherein said component further comprises at least one of a network switch and a media access controller.
112. A component for selectively enabling functionality of an electronic device, said component comprising:
means for generating a random bit string; a hash function module in communication with said means for
generating;
means for acquiring a guess passcode in communication with said
means for generating;
an encryption module in communication with said means for acquiring;
and a comparing device in communication with said encryption module and
said hash function module, said comparing device having an output for
transmitting a functionality enable signal therefrom.
113. A component for selectively enabling functionality of an
electronic device as recited in claim 112, wherein said means for generating further comprises a random number generating module, wherein said module
is configured to receive an initiate signal and output a random number.
114. A component for selectively enabling functionality of an
electronic device as recited in claim 112, wherein said means for generating further comprises:
a linear feedback shift register, said linear feedback shift register
having an input and an output;
a NAND gate in communication with said linear feedback shift register, said NAND gate having at least one input and an output; and
a bank of inverters in a series configuration, an input to said bank of
inverters being in communication with said output of said NAND gate and said
input of said linear feedback shift register, wherein said at least one input of said NAND gate receives an activation signal the initiates said linear feedback shift register to generate a
random number on the output of said linear feedback shift register.
115. A component for selectively enabling functionality of an
electronic device as recited in claim 112, wherein said hash function module further comprises a one-way hash function module configured to receive a
pre-image input and output a hash value in accordance with a one-way hash
function algorithm.
116. A component for selectively enabling functionality of an electronic device as recited in claim 112, wherein said means for acquiring
a guess passcode further comprises: a host in communication with said means for generating; and
a guess register in communication with said host,
wherein said host is configured to receive a guess passcode from a manufacturer corresponding to the random bit string.
117. A component for selectively enabling functionality of an
electronic device as recited in claim 112, wherein said encryption module
further comprises: a public key encryption module; and
a public key module in communication with said public key encryption
module, wherein said public key encryption module is configured to receive a public key from said public key module and a guess passcode from said
means for acquiring, and generate a ciphertext bit string therefrom.
118. A component for selectively enabling functionality of an electronic device as recited in claim 112, said component further comprising:
a bonding option circuit in communication with said comparing device; and
an OR gate in communication with said comparing device,
wherein said OR gate is configured to select the functionality enable signal from the comparator or an output from the bonding option circuit in
order to generate a final enable output.
119. A component for selectively enabling functionality of an
electronic device as recited in claim 118, wherein said bonding option circuit further comprises:
a pull-up resistor in communication with said OR gate and a power supply; and
a switch in communication with said OR gate and a ground potential.
120. A component for selectively enabling functionality of an
electronic device as recited in claim 112, wherein said comparing device
further comprises a comparator.
121. A component for selectively enabling functionality of an
electronic device as recited in claim 112, wherein said electronic component
further comprises at least one of a network switch and a media access controller.
122. A method for enabling functionality of an electronic component, said method comprising the steps of:
generating a random number; calculating a first bit string from the random number; determining a second bit string corresponding to the random number;
encrypting the second bit string with a public key to generate a third
bit string; comparing the third bit string to the first bit string to determine a match;
outputting a function enable signal in accordance with the comparison.
123. A method for enabling functionality of an electronic component as recited in claim 122, wherein said step of calculating a first bit string further comprises calculating a hash value of said random number.
124. A method for enabling functionality of an electronic component
as recited in claim 122 wherein said determining step further comprises the
steps of: transmitting the random number to a manufacturer calculating a guess passcode corresponding to the random number;
and
receiving the guess passcode in a host.
125. A method for enabling functionality of an electronic component
as recited in claims 122, wherein said encrypting step further comprises the steps of:
receiving a guess passcode from a host;
receiving a public key; and encrypting the guess passcode and the public key to generate a ciphertext bit string.
126. A method for enabling functionality of an electronic component
as recited in claim 122, wherein said comparing step further comprises the
steps of: receiving the third bit string at a first input of a comparator;
receiving the first bit string at a second input of the comparator; determining if the first bit string matched the second bit string; and
outputting a match signal if a match is determined.
127. A method for enabling functionality of an electronic component as recited in claim 122, wherein said outputting step further comprises the
step of determining a final output enable signal from a bonding option output
signal and the function enable signal.
128. A method for enabling functionality of an electronic component
as recited in claim 127, wherein said determining a final output step further
comprises the steps of:
receiving the bonding option output signal at a first input of an OR
gate; receiving the function enable signal at a second input of the OR gate; and
outputting a final output enable signal from the OR gate in accordance
with the first and second inputs.
129. A method for enabling functionality of an electronic component
as recited in claim 124, wherein said transmitting step further comprises communicating with the manufacturer through at least one of an internet
connection, a dial up connection, and a voice connection to obtain the guess passcode.
130. A method for enabling functionality of an electronic component
as recited in claim 122, wherein said electronic component further comprises
at least one of a network switch and a media access controller.
PCT/US2000/026275 1999-10-29 2000-10-24 Apparatus and method for secure field upgradability WO2001033768A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00973385A EP1224766A2 (en) 1999-10-29 2000-10-24 Apparatus and method for secure field upgradability
AU11897/01A AU1189701A (en) 1999-10-29 2000-10-24 Apparatus and method for secure field upgradability

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US16220999P 1999-10-29 1999-10-29
US16215799P 1999-10-29 1999-10-29
US60/162,157 1999-10-29
US60/162,209 1999-10-29
US19337800P 2000-03-21 2000-03-21
US60/193,378 2000-03-21

Publications (3)

Publication Number Publication Date
WO2001033768A2 true WO2001033768A2 (en) 2001-05-10
WO2001033768A3 WO2001033768A3 (en) 2002-01-10
WO2001033768A9 WO2001033768A9 (en) 2002-11-14

Family

ID=27388727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/026275 WO2001033768A2 (en) 1999-10-29 2000-10-24 Apparatus and method for secure field upgradability

Country Status (3)

Country Link
EP (1) EP1224766A2 (en)
AU (1) AU1189701A (en)
WO (1) WO2001033768A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038998A1 (en) * 2002-10-24 2004-05-06 Telefonaktiebolaget Lm Ericsson (Publ) Secure communications
DE102007062915A1 (en) * 2007-12-21 2009-06-25 Endress + Hauser Process Solutions Ag Storage programmable control i.e. digitally operated electronic system, operating method for controlling automation system, involves switching functional block at feasible state if external information corresponds to internal information
TWI709970B (en) 2015-10-26 2020-11-11 美商英特爾公司 Segmented erase in memory

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE1472500A1 (en) 1965-05-11 1969-05-14 German Gresser Glare-free headlights
DE3620789C2 (en) 1986-06-20 1993-12-23 Bosch Gmbh Robert Dimmed automotive headlights

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH05183828A (en) * 1991-12-27 1993-07-23 Sony Corp Electronic equipment
US5499295A (en) * 1993-08-31 1996-03-12 Ericsson Inc. Method and apparatus for feature authorization and software copy protection in RF communications devices

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE1472500A1 (en) 1965-05-11 1969-05-14 German Gresser Glare-free headlights
DE3620789C2 (en) 1986-06-20 1993-12-23 Bosch Gmbh Robert Dimmed automotive headlights

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038998A1 (en) * 2002-10-24 2004-05-06 Telefonaktiebolaget Lm Ericsson (Publ) Secure communications
US7284127B2 (en) 2002-10-24 2007-10-16 Telefonktiebolaget Lm Ericsson (Publ) Secure communications
DE102007062915A1 (en) * 2007-12-21 2009-06-25 Endress + Hauser Process Solutions Ag Storage programmable control i.e. digitally operated electronic system, operating method for controlling automation system, involves switching functional block at feasible state if external information corresponds to internal information
TWI709970B (en) 2015-10-26 2020-11-11 美商英特爾公司 Segmented erase in memory

Also Published As

Publication number Publication date
EP1224766A2 (en) 2002-07-24
WO2001033768A3 (en) 2002-01-10
AU1189701A (en) 2001-05-14
WO2001033768A9 (en) 2002-11-14

Similar Documents

Publication Publication Date Title
US7634665B2 (en) Apparatus and method for secure field upgradability with unpredictable ciphertext
US7131001B1 (en) Apparatus and method for secure filed upgradability with hard wired public key
US7596704B2 (en) Partition and recovery of a verifiable digital secret
RU2399087C2 (en) Safe data storage with integrity protection
US5142578A (en) Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors
US4386233A (en) Crytographic key notarization methods and apparatus
US7502467B2 (en) System and method for authentication seed distribution
US6400823B1 (en) Securely generating a computer system password by utilizing an external encryption algorithm
US6950523B1 (en) Secure storage of private keys
RU2284569C2 (en) Method for unblocking and blocking software signs
US7711122B2 (en) Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
US9247024B2 (en) Controlled activation of function
US20060036857A1 (en) User authentication by linking randomly-generated authentication secret with personalized secret
US20130101120A1 (en) Method for secure data exchange between two devices
US10650373B2 (en) Method and apparatus for validating a transaction between a plurality of machines
CN109981562B (en) Software development kit authorization method and device
EP1151369A1 (en) Security access and authentication token with private key transport functionality
WO2002033521A2 (en) Method and apparatus for controlling access to functions with different security levels
WO1998045975A9 (en) Bilateral authentication and information encryption token system and method
WO2006053304A9 (en) Volatile device keys and applications thereof
WO2007103906A2 (en) Secure data transmission using undiscoverable or black data
EP0870382A1 (en) Application level security system and method
WO1996008092A1 (en) Roving software license for a hardware agent
WO2000049764A1 (en) Data authentication system employing encrypted integrity blocks
US20020018570A1 (en) System and method for secure comparison of a common secret of communicating devices

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2000973385

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000973385

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

AK Designated states

Kind code of ref document: C2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: C2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

NENP Non-entry into the national phase in:

Ref country code: JP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)