`USOOSS68552A
`
`United States Patent
`
`[19]
`
`[11] Patent Number:
`
`5,568,552
`
`
`Davis
`[45] Date of Patent:
`Oct. 22, 1996
`
`[54] METHOD FOR PROVIDING A ROVING
`SOFTWARE LICENSE FROM ONE NODE T0
`ANOTHER NODE
`
`0
`_
`_
`[75]
`Inventor: Derek L. Dav1s, Phoenix, Ariz.
`,
`_
`.
`[73] Assrgnee:
`Intel Corporation, Santa Clara, Calif.
`
`Society Press, 1989, pp. 4/155—4/158.
`Dussé, Stephen R. and Burton S. Kaliski “A Cryptographic
`Library for the Motorola 56000” in: Damgard,
`I. M.,
`Advances in Cryptology—Proceedings EUROCRYPT 90,
`Spfinger_Verlag’ 1991, pp_ 230444
`DSP56000/DSP56001 Di
`ital Si nal Processor User—s
`Manual, Motorola, 19907
`2_2_ g
`
`[21] Appl. No.: 472,951
`.
`_
`Filed.
`
`[22]
`
`Jun. 7, 1995
`
`Primary Examiner—David C. Cain
`Attorney, Agent, or Firm—Blakely, Sokoloff, Taylor & Zaf-
`man
`
`Related US. Application Data
`
`[57]
`
`ABSTRACT
`
`DiViSion 0f Ser- NO- 303,084, Sap-7, 1994-
`[62]
`HMK “no
`Int Cl 6
`[51]
`
`""""""""""""""""""l23. 380/30
`[52] US. Ci
`'
`"""
`""""
`380/3 4’ 23 25
`58
`F: I'd
`[
`]
`“3
`0f earc
`""""""""""""""""
`’
`’ 38’0/36
`
`[56]
`
`References Cited
`U,s, PATENT DOCUMENTS
`
`4,658,093
`4,807,288
`
`4/1987 Hellman ...................................... 380/3
`2/1989 Ugon,eta1.
`............................ .. 380/30
`
`0THER PUBLICATIONS
`
`Struif, Bruno “The Use of Chipcards for Electronic Signa-
`tures and Encryption” in: Proceedings for the 1989 Confer-
`ence on VLSI and Computer Peripherals, IEEE Computer
`
`An integrated circuit component for enforcing licensing
`restrictions. Such enforcement is performed through remote
`transmission of access privileges for executing a licensed
`program from the integrated circuit component to another
`similar component.. The integrated circuit component com-
`prising a non—volatile memory for storing a uniquely des-
`ignated key pair, an authentication device certificate and a
`manufacturer public key along with cryptographic algo-
`fithms, a processor for executing the cryptographic algo-
`rithms in order to process information inputted into the
`integrated circuit component and for transmitting the pro“
`cessed information into volatile memory and a random
`number generator for generating the uniquely designated
`key pair internally within the integrated circuit component.
`
`16 Claims, 9 Drawing Sheets
`
`rm,
`
`HARDWARE AGENT
`
`MEMORY ELEMENT
`127
`NON-VOLATILE
`MEMORY
`
`127“ Public/Private
`127!)
`Key Parr
`
`12
`
`122
`
`121
`
`BUS INTERFACE
`
`PROCESSING UNIT
`
`RANDOM
`NUMBER
`GENERATOR
`
`. m1
`
`m2
`
`SYSTEM BUS
`
`13°
`
`HTC EX. 1020
`HTC v. Ancora
`
`US Patent No. 6,411,941
`
`Page 1
`
`Page 1
`
`HTC EX. 1020
`HTC v. Ancora
`US Patent No. 6,411,941
`
`
`
`
`
`US. Patent
`
`m.
`
`9f01tee
`
`5
`
`00
`
`,552
`
`&35;em
`
`uEwEEm
`
`
`
`HQOZDZODmm
`
`ma
`
`£2.890:25
`
`mm
`
`
`
`EDOZEmma
`
`OH
`
`
`
`
`3.58mfl..Mowns.mem1omammoz35vmeEEMEO“MM—MWnGiro
`
`
`
`
`6Baruch5,N.
`
`Page 2
`
`Page 2
`
`
`
`
`US. Patent
`
`LI"c0
`
`69
`
`9f02teehS
`
`
`
`
`
`HQOZDZOOHmHDOZEmma
`
`Egon23$
`
`
`
`ma
`
`OH
`
`2cfigonm
`
`mm
`
`
`
`wwwwmmmz09$me
`
`
`
`86
`
`,552
`
`5.
`
`5,Nmgzmmh
`
`mom335nm
`
`FHMDQL
`
`Page 3
`
`Page 3
`
`
`
`
`
`
`HDOZ
`
`omSSE
`
`Emacs23$
`
`Eu:me
`
`a.»
`
`095qu
`
`US. Patent
`
`LC0
`
`1
`
`m
`
`255
`
`Som9—3965
`fmmuwmoz
`uoafiEwawfi.MwozoammSEE;
`9an?5am.“RH92me
`.,m:vammnmugs:nEEEMEOveanbucm-
`
`manuumfioomgembmémmEBBBEEflwomfiuoo
`aqumzmmoz3E
`QZOOmm ma
`
`dawmnmzmmdgmzmm
`mmmu
`
`
`rhmmmb»mnozEmma
`
`wean—NEE“; 0H
`
`
`
`“mew—053wteams;H,m953%
`
`
`
`Page 4
`
`Page 4
`
`
`
`aP3U
`
`1L,2f"cO
`
`teeh
`
`f0
`
`255,86
`
`bung
`
`wofigwogmo8HVQKSMNRN
`
`355633.;/m8quc2memmmoomm“mom8
`
`ofl
`
`6SHEoszonw..
`\/mom/mmEH$305200
`
`S.
`
`.a:
`
`9zofingmE
`4-....
`
`
`5.,9:5a:Em:o:
`
`aura:
`
`cm:Wmega
`
`
`
`EDDEDH>HDHmzmoemAOKBZODMOSES
`
`
`
`DEmEmOmgfimm;£0250(Aman—
`
`
`
`Page 5
`
`Page 5
`
`
`
`
`
`US. Patent
`
`Oct. 22, 1996
`
`Sheet 5 of 9
`
`5,568,552
`
`r 120
`
`HARDWARE AGENT
`
`127
`
`MEMORY ELEMENT
`
`NON-VOLATILE
`
`MEMORY
`
`127“ Public/Private
`K Pair
`ey
`DC
`
`12%
`
`127“ .IEE-
`
`122
`
`121
`
`BUS INTERFACE
`
`PROCESSING UNIT
`
`RANDOM
`
`NUMBER
`GENERATOR
`
`Figure 5
`
`SYSTEM BUS
`
`:130
`
`Page 6
`
`Page 6
`
`
`
`US. Patent
`
`Oct. 22, 1996
`
`Sheet 6 of 9
`
`5,568,552
`
`START
`
`Manufacture die for the
`
`
`
`
`
`Encapsulate the die within a
`conventional package forming Step 105
`the hardware agent package.
`
`
`
`
`Place hardware agent into
`certification system.
`
`Step 110
`
`Step 115
`
`Step 125
`
`
`
`Supply power to hardware
`agent for it to generate
`public/private key pair.
`
`
`
`
`Output public key to
`
`
`
`Compare public key to
`prior generated public keys.
`
`Step 135
`
`Signal hardware agent to
`generate new
`public/private key pair.
`
`
`
`N0
`
`Update storage device of
`prior generated public keys. Step 140
`
`Create a unique device
`certificate.
`
`Step 145
`
`Step 150
`
`Step 155
`
`Page 7
`
`
`
`Input device certificate and
`manufacturer's public key into
`hardware agent.
`
`
`
`Fl ure 6
`g
`
`Program unique public/private
`
`key pair, device certificate and
`manufacturer's public key
`into non-volatile memory of
`
`hardware agent.
`
`Page 7
`
`
`
`US. Patent
`
`Oct. 22, 1996
`
`Sheet 7 of 9
`
`5,568,552
`
`Establish communication link between first
`node and second node.
`
` Step 200
`
`
`
`First hardware agent transmits its unique device
`certificate to the second hardware agent.
`
`tep 205
`
`
`
`The second hardware agent decrypts device
`certificate to obtain the public key of the
`first hardware agent.
`
`
`
`Second hardware agent transmits its unique
`device certificate to the first hardware agent.
`
`
`
`tep 215
`
`
`
`
`
`tep 220
`
`The first hardware agent decrypts device
`certificate to obtain the public key of the
`second hardware agent.
`
`
`
`
`
`
`
`
`
`
`First hardware agent decrypts challenge
`message with its private key and provides a
`response encrypted with the public key of
`the second hardware agent.
`
`
`
`
`First hardware agent transmits the
`response to the second hardware agent.
`
`St
`
`ep
`
`240
`
`Second hardware agent decrypts the
`response with the private key.
`
`Step 245
`
`Step 255
`Terminate
`communication link.
`
`
`
`No
`
`
`
`hallenge message
`= decrypted
`response?
`
`Yes
`
`Continue to Fi
`
`e 7B
`
`Step 250
`
`Figure 7A
`
`Page 8
`
`tep 225
`
`Step 230
`
`Step 235
`
`Second hardware agent forms a challenge
`message encrypted with the public key of
`the first hardware agent.
`
`
`
`Second hardware agent transmits the
`challenge message to the first hardware
`agent.
`
`
`
`
`
`
`Page 8
`
`
`
`US. Patent
`
`Oct. 22, 1996'
`
`Sheet 8 of 9
`
`5,568,552
`
`Continue fi'om Fi
`
`- 7A
`
`Step 260
`
`Step 265
`
`Step 270
`
`
`
`First hardware agent forms a challenge
`message encrypted with the public key of
`the secpmd hardware agent..
`
`
`First hardware agent transmits the
`challenge message to the second hardware
`agent.
`
`
`
`
`
`
`Second hardware agent decrypts challenge
`message with its private key and provides a
`
`response encrypted with the public key of
`
`
`the first hardware agent.
`
`Second hardware agent transmits the
`response to the first hardware agent.
`
`275
`
`St
`
`ep
`
`First hardware agent decrypts the response
`with the private key.
`
`Step 280
`
`Step 290
`
`Terminate
`communication link.
`
`No
`
` Step 285
`
`Yes
`
`
`
`Communications between the first and
`second hardware agent are secure.
`
`tep 295
`
`Figure 7B
`
`Continue to Fi
`
`- 7C
`
`Page 9
`
`Page 9
`
`
`
`US. Patent
`
`Oct. 22, 1996
`
`Sheet 9 of 9
`
`5,568,552
`
`Continue from Fi
`
`- 73
`
`
`
`First hardware agent queries the second
`hardware agent to determine if it has a
`
`valid licensed token.
`
`Step 300
`
`Step 305
`
`
`
`
`Does
`the second hardware
`agent have the valid
`
`license token?
`
`
`N0
`
`Yes
`
`Step 310
`
`Sequence
`terminated
`
`token.
`
`without passing
`the valid license
`
`
`
` First hardware agent initiates a transfer
`request to the second hardware agent for
`the valid license token.
`
`Step 320
`
`
`
`Second hardware agent confirms to the first -
`hardware agent that a valid license token is Step 315
`available.
`
`license token to the first hardware agent.
`
`St8p 325
`
` Second hardware agent transfers the valid
`
`Step 335
`
`The first hardware agent internally stores
`the valid license token and transmits a
`message to the second hardware agent
`indicating successful transfer of the valid
`license token.
`
`St
`
`ep 330
`
`Communication is terminated.
`
`Figure 70
`
`Page 10
`
`Page 10
`
`
`
`5568552
`
`1
`METHOD FOR PROVIDING A ROVING
`SOFTWARE LICENSE FROM ONE NODE TO
`ANOTHER N ODE
`
`RELATED APPLICATIONS
`
`This is a divisional of a US. patent application (applica-
`tion Ser. No. 08/303,084) filed Sep. 7, 1994. The named
`inventor of the present application also has filed a number of
`co-pcnding United States patent applications
`entitled
`“Apparatus and Method for Providing Secured Communi-
`cations” (Ser. No. 08/251,486) and “Key Cache Security
`System” (Ser. No. 08/365,347). These applications are
`owned by the same assignee of the present Application.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`The present invention relates to licensing software. More
`particularity, the present invention relates to an apparatus
`and method for transferring access privileges for executing
`a licensed software program from an authorized node having
`a first hardware agent to a non-authorized node having a
`second hardware agent without violating a specific-user
`license.
`
`2. Background of Art Related to the Invention
`Early in the evolution of computer systems, modernized
`businesses typically employed a room—sized, centralized
`mainframe having several “dumb” terminals connected to
`the mainframe. With the emergence of smaller, faster and
`more powerful computers, many of these modernized busi-
`nesses have removed their centralized mainframes in favor
`
`of employing a number of stand-alone computers or a
`distributed network (e.g., a local area network) having a
`collection of personal computers, wherein each user has
`control over his or her own personal computer.
`Observing this decentralizing trend, many software devel—
`opers are licensing their software according to a particular
`licensing scheme commonly referred to as a “user—specific”
`license. The user-specific license generally permits a prede-
`termined number of individuals to operate a particular
`software program in a specific manner at any given time.
`Thus, the license is associated with the select number of
`individuals and not to certain nodes. For the scope of this
`application, a “node” is defined as an hardware product
`having “intelligence” such as a computer, printer, facsimile
`machine and the like, preferably including the present inven-
`tion. A paramount problem associated with user—specific
`software licenses is that it indirectly encourages unautho-
`rized usage and/or copying of the licensed software which
`erodes potential licensing revenue for software developers.
`For many years, software developers have sought a way
`of protecting their software from being used and copied
`beyond the terms of the user-specific license while business
`licensees have been attempting to greatly mitigate any
`potential vicarious liability from illegal usage or copying of
`licensed software by their employees. Thus, there exists an
`interest by both the software developers and the business
`licensees alike to prevent
`the proliferation of software
`beyond the terms of the user-specific license.
`Currently, compliance with a user-specific software
`license is sometimes accomplished by using a physical
`hardware device referred to as a “dongle”. A dongle is a
`physical hardware device that is packaged with the licensed
`software program when initially purchased. It
`typically
`couples to a parallel port of a node e.g., a personal computer.
`
`10
`
`15
`
`20
`
`25
`
`3O
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`
`the licensed software
`At various times during execution,
`program of interest will transmit an authorization message
`(referred to as a “challenge”) to an active device employed
`within the dongle. The active device within the dongle
`processes the challenge using secret information (hereinafter
`referred to as a “valid license token”) stored internally
`within the dongle and generates a return message (referred
`to as a “response”). The software program compares this
`response to an expected response and permits further execu-
`tion only if these responses are identical.
`Thus, while the user is able to copy the licensed software
`program and load it onto multiple personal computers, only
`a first personal computer, to which the dongle is connected,
`would be able to execute this software program. In order to
`execute the licensed software program on another personal
`computer, the dongle must be physically removed from the
`first personal computer and coupled to the other personal
`computer. As a result, the software on the first personal
`computer is disabled. It is clear that multiple installations of
`the licensed software program do not cause any adverse
`fiscal elfects to the software developer because the number
`of dongles provided to the business licensee is generally
`limited to the number of persons agreed to under the
`user—specific software license.
`Although the dongles ensure compliance with the user-
`specific license, it affords a number of disadvantages. One
`disadvantage is that the dongle must be physically delivered
`to the customer. Thus, while systems for electronic delivery
`of software (referred to as “content distribution”) are being
`proposed and implemented to increase convenience and >
`reduce distribution costs, the dongle, as a physical device,
`still requires the traditional distribution methodology with
`its associated costs. By requiring a dongle to protect the
`fiscal
`interests of the software developer,
`the customer
`would have to endure the onerous task of (i) directly
`obtaining the dongle at a chosen location and thereafter
`attaching the dongle to the node before being able to use the
`licensed software program, or (ii) ordering the licensed
`software program prior to its intended use so that the content
`distributor has time to mail the dongle to the customer. In
`any event, the dongle impedes the efliciency and appeal-
`ability of content distribution.
`Another disadvantage is that the removal and attachment
`of the dongle is a time-consuming process. In a time—
`sensitive business, the exchange of the dongle etfects the
`overall performance of the business. A further dis advantage
`is continual removal and attachment of the dongle increases
`the likelihood of the dongle becoming damaged and non~
`functional, requiring the business to await the new dongle
`before being able to use the software application again.
`Yet another disadvantage is that although the license is
`directed toward individuals, the dongle generally is attached
`to the node. Thus, if the user travels to another machine (e.g.,
`a personal computer located at his or her home), he or she
`is precluded from using the licensed software program
`unless the user has possession of the dongle.
`
`BRIEF SUMMARY OF THE INVENTION
`
`Based on the foregoing, it would be desirable to construct
`a cryptographic device with the functionality of an elec-
`tronic dongle as an integrated circuit component internally
`implemented within a node. Accordingly, it is an object of
`the present invention to provide an integrated circuit com-
`ponent for providing a roving software license without
`requiring continual physical manipulations of hardware.
`
`Page 11
`
`Page 11
`
`
`
`3
`
`4
`
`5568552
`
`The integrated circuit component, generally referred to as
`a hardware agent, comprising a processing unit for perform—
`ing operations for identification purposes and a memory
`element including (i) non-volatile memory which stores a
`unique public/private key pair, (ii) a digital certificate which
`verifies the authenticity of the key pair and (iii) a public key
`of a chosen entity (preferably the manufacturer of the
`integrated circuit component) which enables communication
`between the integrated circuit component and other similar
`components fabricated by the manufacturer. The non—vola-
`tile memory also may be used contain cryptographic algo-
`rithms. The integrated circuit component further includes
`volatile memory that stores information processed by the
`processing unit, an interface in order to receive information
`in encrypted or decrypted format from and/or transmit
`information to other similar component(s) via a communi-
`cation bus and a random number generator that produces the
`unique public/private key pair.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The objects, features and advantages of the present inven—
`tion will become apparent from the following detailed
`description of the present invention in which:
`FIG. 1 is a block diagram illustrating a bidirectional
`symmetric key encryption and decryption process.
`FIG. 2 is a block diagram illustrating a bidirectional
`asymmetric key encryption and decryption process.
`FIG. 3 is a block diagram illustrating a digital certification
`process from a trusted authority.
`FIG. 4 is a block diagram of a computer system incor-
`porating an embodiment of the present invention.
`FIG. 5 is a block diagram of an embodiment of the present
`invention.
`
`FIG. 6 is a flowchart illustrating the method for imple-
`menting pair and digital certificate into an integrated circuit
`component.
`
`FIGS. 7A—7C are flowcharts illustrating the operations of
`a first hardware agent establishing communications with a
`second hardware agent in order to transfer a valid license
`token between the second hardware agent having licensed
`privileges and the first hardware agent.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`The present invention relates to an apparatus and method
`for enabling a roving software license to be transferred
`between appropriately configured hardware agents thereby
`eliminating the need for a distributable physical hardware
`device. In the following description, numerous details are set
`forth in order to provide a thorough understanding of the
`present invention. However, it is apparent to one skilled in
`the art that the present invention may be practiced through
`many diiferent embodiments than that illustrated without
`deviating from the spirit and scope of the present invention.
`In other instances, well-known circuits, elements and the
`like are not set forth in detail in order to avoid unnecessarily
`obscuring the present invention.
`In the detailed description, a number of cryptography-
`related terms are frequently used to describe certain char-
`acteristics or qualities which is defined herein. A “key” is an
`encoding and/or decoding parameter for a conventional
`cryptographic algorithm. More specifically,
`the key is a
`sequential distribution (“string”) of binary data being “11”
`bits in length, where “n” is an arbitrary number. A “message”
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`4O
`
`45
`
`50
`
`55
`
`60
`
`65
`
`is generally defined as information (e.g., encrypted keys
`address and data) being transferred in a sequence of bus
`cycles. The information may include a challenge or a return
`response. A “digital certificate” is defined as any information
`pertaining to an entity initiating communications, typically
`its public key, encrypted through use of a private key by a
`widely published trusted authority (e. g., bank, governmental
`entity, trade association, etc.). A “digital signature” is similar
`to a digital certificate but is used for authentication of the
`message itself, not the sender.
`In recent years, it is becoming more and more desirable to
`transmit digital information from one location to another. As
`a result, many entities are now using cryptographic technol—
`ogy so that the information is transferred in a manner which
`is clear and unambiguous to a legitimate receiver, but
`incomprehensible to any illegitimate recipients. Typically,
`cryptographic technology operates in accordance with one
`of two conventional
`techniques; namely, symmetric key
`cryptography or asymmetric (or public) key cryptography or
`a combination of these cryptographic technologies.
`Refening to FIG. 1, an illustrative embodiment of the
`symmetric key cryptography technique is illustrated. This
`technique requires the use of an identical i.e., symmetric
`secret key (labeled “SK”) 1 to encrypt an original message
`5 being transmitted between a first node 10 and a second
`node 15 to form an encrypted original message 20 and to
`decrypt the encrypted original message 20 to recover the
`original message 5. Such encryption and decryption is
`performed through well—known conventional cryptographic
`algorithms such as, for example, the Data Encryption Algo-
`rithm, more commonly referred to as “DES”. The original
`message 5 is (i) encrypted at the first node 10, (ii) transmit—
`ted from the first node 10 to the second node 15 through a
`public domain 25 such as a telephone lines and the like and
`(iii) decrypted at the second node 15. However, this tech-
`nique is diflicult to support with a large number of users
`because it
`requires prior establishment of secret keys
`(“SK”).
`Refening now to FIG. 2, an illustrative embodiment of
`the asymmetric key technique is shown. This technique
`employs two separate keys (referred to as a “public key” and
`“private key”) being used separately for encryption and
`decryption purposes. For establishing bidirectional commu-
`nications from the first node 10 to the Second node 15, a
`“public” key 16 of the key pair of the second node 15
`(labeled “PUK2”) is stored in and generally used by the first
`node 10 to encrypt an original message 30 under an asym-
`metric “RSA” algorithm well known in cryptography. This
`forms an encrypted original message 35 to be transmitted to
`the second node 15. A public and private key pair 11 and 12
`of the first node 10 (labeled “PUK1” and “PRK1”) are
`further stored in the first node 10.
`
`A “private” key 17 of the key pair of the second node 15
`(labeled “PRK2”) is exclusively known and used by the
`second node 15 for many purposes, including to decrypt the
`encrypted message 35 from the first node 10 under the RSA
`algorithm as shown in FIG. 2. However, this technique is
`susceptible to attempts by an illegitimate entity (e.g., com-
`mercial
`spy)
`to impersonate a legitimate entity (e. g.,
`employee, joint-venturer, etc.) by sending fraudulent mes—
`sages to another legitimate entity for the purpose of disrupt—
`ing work flow or obtaining confidential information. Thus,
`additional protocols are commonly used to authenticate a
`message and legitimize the entity sending the message.
`the
`Authentication of the sender (i.e., verifying that
`sender of a public key is, in fact, the true owner of the public
`
`Page12
`
`Page 12
`
`
`
`5568552
`
`5
`
`key) is a problem when communications are initially estab-
`lished between previ0usly unknown parties. This problem is
`commonly avoided by incorporating a digital certificate 45
`within a transmission message 50. The digital certificate 45
`is issued by a mutually trusted authority 55 (e.g., a bank,
`governmental entity, trade association, etc.) by encrypting a
`public key of the node initiating the communications
`(“PUKI”) 11 with a signature statement (labeled “SM”) 58
`with a private key (“PRKTA”) 57 of the trusted authority 55
`so that fraudulent attempts to use PUK2 16 will simply result
`in an unreadable response to the transmission message by its
`recipient. The selected trusted authority 55 depends on the
`parties involved. For example, two individuals employed by
`the same business could both trust the certificates issued by
`a corporate security oflice of the business. Employees’of two
`independent business entities, however, would require not
`only the certificates from the respective security oflices, but
`also the certificates from, for example, some industry trade
`organization that certifies such business entities.
`In this approach, multiple operations are concurrently
`performed to construct the transmission message 50. One
`operation is that the original message 40 is encrypted using
`a symmetric secret key (SK”) 60 via the DES algorithm to
`form the encrypted message 65 which is input into the
`transmission message 50 along with the digital certificate
`45. The original message 40 also undergoes a hash algorithm
`70 (e.g., “MD5”) to form a transmitted message digest 75.
`The transmitted message digest 75 is further encrypted using
`a private key of the first node (“PRKl”) 12 to form a digital
`signature 80 which is input into the transmission message
`50. Additionally, the symmetric key (“SK”) 60 is encrypted
`with a public key of the second node (“PUK2”) 16 under the
`RSA algorithm resulting in “SKm” 85 and further input to
`the transmission message 50.
`Referring still to FIG. 3, upon receipt of the transmission
`message 50 from the first node 10 being transmitted through
`the public domain 25, the second node 15 decrypts the SKEW
`85 with its private key CPRK2”) 17 and the digital certificate
`45 with a published public key (“PUBTA”) 0f the trusted
`authority 55 to obtain SK 60 and PUKl 11. These SK and
`PUKl keys 60 and 11 are used to decrypt the encrypted
`original message 65 and the digital signature 80 to retrieve
`the transmitted message digest 75 and the original message
`40, respectively. The original message 40 then undergoes a
`hash algorithm 85, identical to that performed in the first
`node 10. The results (referred to as a “received message
`digest") 90 are compared to the transmitted message digest
`75. If the transmitted message digest 75 is identical to the
`received message digest 90, communications are maintained
`between these legitimate nodes.
`Referring to FIG. 4, an illustrative embodiment of a
`computer system 100 utilizing the present
`invention is
`illustrated. The computer system 100 comprises a plurality
`of bus agents including a host processor 105, a memory
`device 110, an input/output (“I/O”) controller 115 and a
`cryptographic device referred to as a “hardware agent” 120.
`The plurality of bus agents are coupled together through a
`system bus 130 which enables information to be communi-
`cated between these bus agents.
`Being well-known in the computer industry, it is contem-
`plated that more than one host processor could be employed
`within the computer system 100 although only the host
`processor 105 is illustrated in this embodiment. Moreover,
`the memory device 110 may include dynamic random access
`memory (“DRAM”), read only memory (“ROM”), video
`random access memory (“VRAM”) and the like. The
`memory device 110 stores information for use by the host
`processor 105.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`65
`
`6
`The 110 controller 115 is an interface between an IIO bus
`135 and the system bus 130 which provides a communica-
`tion path (i.e., gateway)
`for
`transferring information
`between components coupled to the system bus 130 or the
`I/O bus 135. The U0 bus 135 transfers information into and
`from at least one peripheral device in the computer system
`100 including, but not limited to a display device 140 (e.g.,
`cathode ray tube, liquid crystal display, etc.) for displaying
`images; an alphanumeric input device 145 (e.g., an alpha-
`numeric keyboard, etc.) for communicating information and
`command selections to the host processor 105; a cursor
`control device 150 (e.g., a mouse, trackball, touch pad, etc.)
`for controlling cursor movement; a mass data storage device
`155 (e.g., magnetic tapes, hard disk drive, floppy disk drive,
`etc.) for storing information; an information transceiver
`device 160 (fax machine, modern, scanner etc.) for trans-
`mitting information from the computer system 100 to
`another device and for receiving information from another
`device; and a hard copy device 165 (e.g., plotter, printer,
`etc.) for providing a tangible, visual representation of the
`information. It is contemplated that the computer system
`shown in FIG. 4 may employ some or all of these compo-
`nents or different components than those illustrated.
`Refen‘ing now to an embodiment of the present invention
`as shown in FIG. 5, the hardware agent 120 is coupled to the
`system bus 130 establishing a communication path with the
`host processor 105 as well as the memory and IIO controllers
`(not shown). The hardware agent 120 comprises a single
`integrated circuit in the form of a die 121 (e.g., a micro-
`controller) encapsulated within an integrated circuit compo-
`nent package 122, preferably hermetically, to protect the die
`121 from damage and harmful contaminants. The die 121
`comprises a processing unit 123 coupled to a memory
`element 124, a bus interface 125 and a number generator
`126. The bus interface 125 enables communication from the
`
`hardware agent 120 to another device (e.g., the host proces-
`sor, another hardware agent in another device, etc.). The
`processing unit 123 performs computations internally within
`a secured environment within the die 121 to confirm a valid
`connection with an authorized receiver. Such computations
`include executing certain algorithms and protocols, activat-
`ing circuitry (e. g., the number generator 126 being prefer-
`ably random in nature) for generating a device-specific
`public/private key pair and the like. The processing unit 123
`is placed within the die 121 to prevent access of the private
`key through vims attack, which is a common method of
`disrupting a computer system to obtain its private key and
`other information.
`
`The memory element 124 includes a non-volatile memory
`element 127, such as flash memory, which stores appropriate
`cryptographic algorithms such as “RSA” and “DES”, the
`public/private key pair 127a, a digital certificate for verify-
`ing the authenticity of the key pair (labeled “DC”) 127;; and
`a public key of the manufacturer of the integrated circuit
`component (“PUKM”) 127C for enabling communication
`between the integrated circuit component and another simi-
`lar device fabricated by the manufacturer (discussed in more
`detail in FIG. 6). This non—volatile memory 127 is used
`primarily because it retains its contents when supply power
`is discontinued. The memory unit 124 further includes
`random access memory (“RAM”) 128 in order to store
`certain results from the processing unit 123.
`Although the hardware agent 120 is implemented as a
`peripheral device on the system bus 130 for greater security,
`it is contemplated that the hardware agent 130 could be
`implemented in several other ways at the PC platform level
`such as, for example, as a disk controller or PCMCIA card
`
`Page 13
`
`Page 13
`
`
`
`7
`
`8
`
`1568552
`
`to automatically decrypt and/or encrypt information being
`inputted and outputted from a hard disk. Another alternative
`implementation would be for the hardware agent to be one
`component of a multi-chip module including the host pro—
`cessor as discussed below. Furthermore, even though the
`hardware agent is described in connection with PC plat-
`forrrrs, it is contemplated that such hardware agent could be
`implemented within node such as a fax machine, printer and
`the like or on a communication path between a computer and
`the U0 peripheral device.
`Referring to FIG. 6, a flowchart of the operations for
`manufacturing the present invention is illustrated. First, in
`Step 100, the die of the hardware agent is manufactured
`according to any conventional well~known semiconductor
`manufacturing technique. Next,
`the die is encapsulated
`within a semiconductor package so as to form the hardware
`agent itself (Step 105). The hardware agent is placed onto a
`certification system which establishes an electrical and
`mechanical coupling between the hardware agent and the
`certification system (Step 110). The certification system
`comprises a carrier coupled to a printed circuit board for
`generating and receiving electrical signals for certification of
`the hardware agent. The certification system further com-
`prises a storage device (e.g., a database) of previously
`generated public keys to guarantee unique key generation.
`Thereafter, the certification system supplies power to the
`hardware agent which powers the random number generator
`enabling it to generate a device-specific public/private key
`pair internally within the hardware agent (Step 115).
`After the public/private key pair has been generated
`within the hardware agent,
`the public key of the public/
`private key pair is transmitted to the certification system
`(Step 120). The public key is compared with those previ-
`ously generated public keys from previously manufactured
`hardware agents being stored in the storage device (Step
`125). In the unlikely event that the public key is identical to
`one of the previously generated public keys (Step 130), the
`hardware agent is signaled by the certification system to
`generate another such public/private key pair (Step 135) and
`continue this process from Step 120 to ensure that each
`public/private key pair is unique.
`In the event that the public key is unique, the storage
`device is updated with this unique public key (Step 140).
`Thereafter, in Step 145, the certification system creates a
`unique device certificate verifying the authenticity of the key
`pair (hereinafter referred to as the “authentication device
`certificate”), The authentication device certificate will
`include at
`least
`the public key of the device “digitally
`signed” with the secret private manufacturing key (i.e. in
`general terms, encrypting the public key of the device with
`the manufacturer’s priv