United States Patent
Davis

[11] Patent Number: 5,568,552
[45] Date of Patent: Oct. 22, 1996

[54] METHOD FOR PROVIDING A ROVING SOFTWARE LICENSE FROM ONE NODE TO ANOTHER NODE

[75] Inventor: Derek L. Davis, Phoenix, Ariz.
[73] Assignee: Intel Corporation, Santa Clara, Calif.
[21] Appl. No.: 472,951
[22] Filed: Jun. 7, 1995

Related U.S. Application Data
[62] Division of Ser. No. 303,084, Sep. 7, 1994.

[51] Int. Cl.⁶: H04K 1/00
[52] U.S. Cl.: 380/4; 380/23; 380/30
[58] Field of Search: 380/3, 4, 23, 25, 30

Primary Examiner: David C. Cain
Attorney, Agent, or Firm: Blakely, Sokoloff, Taylor & Zafman

[57] ABSTRACT
An integrated circuit component for enforcing licensing restrictions. Such enforcement is performed through remote transmission of access privileges for executing a licensed program from the integrated circuit component to another similar component. The integrated circuit component comprising a non-volatile memory for storing a uniquely designated key pair, an authentication device certificate and a manufacturer public key along with cryptographic algorithms, a processor for executing the cryptographic algorithms in order to process information inputted into the integrated circuit component and for transmitting the processed information into volatile memory and a random number generator for generating the uniquely designated key pair internally within the integrated circuit component.

16 Claims, 9 Drawing Sheets

HTC EX. 1020, HTC v. Ancora, US Patent No. 6,411,941

Sheets 1 to 4 of 9: Figures 1 to 4 (block diagrams)

Sheet 5 of 9, Figure 5 (block diagram). Block labels: HARDWARE AGENT 120; MEMORY ELEMENT; NON-VOLATILE MEMORY; Public/Private Key Pair; BUS INTERFACE; PROCESSING UNIT; GENERATOR; SYSTEM BUS 130.

Sheet 6 of 9, Figure 6 (flowchart)

Step 100: Manufacture die for the hardware agent.
Step 105: Encapsulate the die within a conventional package forming the hardware agent package.
Step 110: Place hardware agent into certification system.
Step 115: Supply power to hardware agent for it to generate public/private key pair.
Step 120: Output public key to certification system.
Step 125: Compare public key to prior generated public keys.
Step 130: Identical? If so, Step 135; if No, Step 140.
Step 135: Signal hardware agent to generate new public/private key pair.
Step 140: Update storage device of prior generated public keys.
Step 145: Create a unique device certificate.
Step 150: Input device certificate and manufacturer's public key into hardware agent.
Step 155: Program unique public/private key pair, device certificate and manufacturer's public key into non-volatile memory of hardware agent.

Sheet 7 of 9, Figure 7A (flowchart)

Step 200: Establish communication link between first node and second node.
Step 205: First hardware agent transmits its unique device certificate to the second hardware agent.
The second hardware agent decrypts device certificate to obtain the public key of the first hardware agent.
Second hardware agent transmits its unique device certificate to the first hardware agent.
Step 220: The first hardware agent decrypts device certificate to obtain the public key of the second hardware agent.
Step 225: Second hardware agent forms a challenge message encrypted with the public key of the first hardware agent.
Step 230: Second hardware agent transmits the challenge message to the first hardware agent.
Step 235: First hardware agent decrypts challenge message with its private key and provides a response encrypted with the public key of the second hardware agent.
Step 240: First hardware agent transmits the response to the second hardware agent.
Step 245: Second hardware agent decrypts the response with the private key.
Decision ("... hallenge message ... response?"): No, Step 255, terminate. Yes, continue to Figure 7B.

Sheet 8 of 9, Figure 7B (flowchart, continued from Figure 7A)

Step 260: First hardware agent forms a challenge message encrypted with the public key of the second hardware agent.
Step 265: First hardware agent transmits the challenge message to the second hardware agent.
Step 270: Second hardware agent decrypts challenge message with its private key and provides a response encrypted with the public key of the first hardware agent.
Step 275: Second hardware agent transmits the response to the first hardware agent.
Step 280: First hardware agent decrypts the response with the private key.
Step 285: Decision. Yes: communications between the first and second hardware agent are secure. No: Step 290, terminate communication link.

Sheet 9 of 9, Figure 7C (flowchart, continued from Figure 7B)

Step 300: First hardware agent queries the second hardware agent to determine if it has a valid license token.
Step 305: Does the second hardware agent have the valid license token? If No, Step 310.
Step 310: Sequence terminated without passing the valid license token.
Step 315: Second hardware agent confirms to the first hardware agent that a valid license token is available.
Step 320: First hardware agent initiates a transfer request to the second hardware agent for the valid license token.
Step 325: Second hardware agent transfers the valid license token to the first hardware agent.
Step 330: The first hardware agent internally stores the valid license token and transmits a message to the second hardware agent indicating successful transfer of the valid license token.
Step 335: Communication is terminated.
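
The provisioning flow of Figure 6 and the mutual challenge/response and token hand-over of Figures 7A-7C can be exercised end to end with a small model. This is an added example, not code from the patent: it uses textbook RSA at toy key sizes, signs a SHA-256 hash of the device key where the patent speaks of encrypting the public key with the manufacturer's private key, and the names `CertificationSystem`, `HardwareAgent` and `rove_license` are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent used by every toy key

def _is_probable_prime(n, rounds=24):  # Miller-Rabin, large odd n only
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % E != 1 and _is_probable_prime(p):  # keeps E invertible mod p-1
            return p

def gen_keypair(bits=128):
    """Return ((n, e), (n, d)): textbook RSA, toy sizes, no padding."""
    p = q = _prime(bits)
    while q == p:
        q = _prime(bits)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    return pow(m, key[1], key[0])

def _digest(pub, n):
    raw = hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).digest()
    return int.from_bytes(raw, "big") % n

class CertificationSystem:
    def __init__(self):
        self.pukm, self._prkm = gen_keypair(160)  # manufacturer key pair
        self.seen = set()  # storage device of prior generated public keys

    def provision(self, agent):
        attempts, pub = 1, agent.generate_keypair()        # Steps 115-120
        while pub in self.seen:                            # Steps 125-135
            attempts, pub = attempts + 1, agent.generate_keypair()
        self.seen.add(pub)                                 # Step 140
        sig = rsa(self._prkm, _digest(pub, self.pukm[0]))  # Step 145
        agent.cert, agent.pukm = (pub, sig), self.pukm     # Steps 150-155
        return attempts

class HardwareAgent:
    def __init__(self, keygen=gen_keypair):
        self._keygen = keygen
        self.pub = self._priv = self.cert = self.pukm = self.token = None

    def generate_keypair(self):
        self.pub, self._priv = self._keygen()
        return self.pub  # the private key never leaves the agent

    def peer_key(self, cert):
        """Accept a peer public key only if PUKM verifies its certificate."""
        pub, sig = cert
        if rsa(self.pukm, sig) != _digest(pub, self.pukm[0]):
            raise ValueError("certificate not issued by the manufacturer")
        return pub

    def respond(self, challenge_ct, challenger_cert):  # Steps 235/270
        return rsa(self.peer_key(challenger_cert), rsa(self._priv, challenge_ct))

    def challenge(self, peer):
        """Figure 7A or 7B: True only if the peer returns our nonce."""
        peer_pub = self.peer_key(peer.cert)
        nonce = secrets.randbelow(min(self.pub[0], peer_pub[0]) - 2) + 2
        reply = peer.respond(rsa(peer_pub, nonce), self.cert)
        return rsa(self._priv, reply) == nonce

    def release_token(self, peer_cert):
        """Step 325; clearing the local copy is this sketch's assumption."""
        ct, self.token = rsa(self.peer_key(peer_cert), self.token), None
        return ct

    def store_token(self, ct):
        self.token = rsa(self._priv, ct)  # Step 330

def rove_license(first, second):
    """Figures 7A-7C: move the license token from `second` to `first`."""
    try:
        authenticated = second.challenge(first) and first.challenge(second)
        if not authenticated or second.token is None:
            return False  # Steps 255/290 (terminate) or Step 310 (no token)
        first.store_token(second.release_token(first.cert))
        return True
    except ValueError:
        return False  # peer certificate rejected
```

An agent certified under a different manufacturer key fails `peer_key` before any challenge is formed, so the token never leaves its holder.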

METHOD FOR PROVIDING A ROVING SOFTWARE LICENSE FROM ONE NODE TO ANOTHER NODE

RELATED APPLICATIONS

This is a divisional of a U.S. patent application (application Ser. No. 08/303,084) filed Sep. 7, 1994. The named inventor of the present application also has filed a number of co-pending United States patent applications entitled "Apparatus and Method for Providing Secured Communications" (Ser. No. 08/251,486) and "Key Cache Security System" (Ser. No. 08/365,347). These applications are owned by the same assignee of the present Application.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to licensing software. More particularly, the present invention relates to an apparatus and method for transferring access privileges for executing a licensed software program from an authorized node having a first hardware agent to a non-authorized node having a second hardware agent without violating a specific-user license.

2. Background of Art Related to the Invention

Early in the evolution of computer systems, modernized businesses typically employed a room-sized, centralized mainframe having several "dumb" terminals connected to the mainframe. With the emergence of smaller, faster and more powerful computers, many of these modernized businesses have removed their centralized mainframes in favor of employing a number of stand-alone computers or a distributed network (e.g., a local area network) having a collection of personal computers, wherein each user has control over his or her own personal computer.

Observing this decentralizing trend, many software developers are licensing their software according to a particular licensing scheme commonly referred to as a "user-specific" license. The user-specific license generally permits a predetermined number of individuals to operate a particular software program in a specific manner at any given time. Thus, the license is associated with the select number of individuals and not with certain nodes. For the scope of this application, a "node" is defined as a hardware product having "intelligence" such as a computer, printer, facsimile machine and the like, preferably including the present invention. A paramount problem associated with user-specific software licenses is that they indirectly encourage unauthorized usage and/or copying of the licensed software, which erodes potential licensing revenue for software developers.

For many years, software developers have sought a way of protecting their software from being used and copied beyond the terms of the user-specific license while business licensees have been attempting to greatly mitigate any potential vicarious liability from illegal usage or copying of licensed software by their employees. Thus, there exists an interest by both the software developers and the business licensees alike to prevent the proliferation of software beyond the terms of the user-specific license.

Currently, compliance with a user-specific software license is sometimes accomplished by using a physical hardware device referred to as a "dongle". A dongle is a physical hardware device that is packaged with the licensed software program when initially purchased. It typically couples to a parallel port of a node, e.g., a personal computer. At various times during execution, the licensed software program of interest will transmit an authorization message (referred to as a "challenge") to an active device employed within the dongle. The active device within the dongle processes the challenge using secret information (hereinafter referred to as a "valid license token") stored internally within the dongle and generates a return message (referred to as a "response"). The software program compares this response to an expected response and permits further execution only if these responses are identical.

Thus, while the user is able to copy the licensed software program and load it onto multiple personal computers, only a first personal computer, to which the dongle is connected, would be able to execute this software program. In order to execute the licensed software program on another personal computer, the dongle must be physically removed from the first personal computer and coupled to the other personal computer. As a result, the software on the first personal computer is disabled. It is clear that multiple installations of the licensed software program do not cause any adverse fiscal effects to the software developer because the number of dongles provided to the business licensee is generally limited to the number of persons agreed to under the user-specific software license.

Although dongles ensure compliance with the user-specific license, they have a number of disadvantages. One disadvantage is that the dongle must be physically delivered to the customer. Thus, while systems for electronic delivery of software (referred to as "content distribution") are being proposed and implemented to increase convenience and reduce distribution costs, the dongle, as a physical device, still requires the traditional distribution methodology with its associated costs. By requiring a dongle to protect the fiscal interests of the software developer, the customer would have to endure the onerous task of (i) directly obtaining the dongle at a chosen location and thereafter attaching the dongle to the node before being able to use the licensed software program, or (ii) ordering the licensed software program prior to its intended use so that the content distributor has time to mail the dongle to the customer. In any event, the dongle impedes the efficiency and appealability of content distribution.

Another disadvantage is that the removal and attachment of the dongle is a time-consuming process. In a time-sensitive business, the exchange of the dongle affects the overall performance of the business. A further disadvantage is that continual removal and attachment of the dongle increases the likelihood of the dongle becoming damaged and non-functional, requiring the business to await the new dongle before being able to use the software application again.

Yet another disadvantage is that although the license is directed toward individuals, the dongle generally is attached to the node. Thus, if the user travels to another machine (e.g., a personal computer located at his or her home), he or she is precluded from using the licensed software program unless the user has possession of the dongle.

BRIEF SUMMARY OF THE INVENTION

Based on the foregoing, it would be desirable to construct a cryptographic device with the functionality of an electronic dongle as an integrated circuit component internally implemented within a node. Accordingly, it is an object of the present invention to provide an integrated circuit component for providing a roving software license without requiring continual physical manipulations of hardware.

The integrated circuit component, generally referred to as a hardware agent, comprises a processing unit for performing operations for identification purposes and a memory element including (i) non-volatile memory which stores a unique public/private key pair, (ii) a digital certificate which verifies the authenticity of the key pair and (iii) a public key of a chosen entity (preferably the manufacturer of the integrated circuit component) which enables communication between the integrated circuit component and other similar components fabricated by the manufacturer. The non-volatile memory also may be used to contain cryptographic algorithms. The integrated circuit component further includes volatile memory that stores information processed by the processing unit, an interface in order to receive information in encrypted or decrypted format from and/or transmit information to other similar component(s) via a communication bus and a random number generator that produces the unique public/private key pair.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects, features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:

FIG. 1 is a block diagram illustrating a bidirectional symmetric key encryption and decryption process.

FIG. 2 is a block diagram illustrating a bidirectional asymmetric key encryption and decryption process.

FIG. 3 is a block diagram illustrating a digital certification process from a trusted authority.

FIG. 4 is a block diagram of a computer system incorporating an embodiment of the present invention.

FIG. 5 is a block diagram of an embodiment of the present invention.

FIG. 6 is a flowchart illustrating the method for implementing a key pair and digital certificate into an integrated circuit component.

FIGS. 7A-7C are flowcharts illustrating the operations of a first hardware agent establishing communications with a second hardware agent in order to transfer a valid license token between the second hardware agent having licensed privileges and the first hardware agent.

DETAILED DESCRIPTION OF THE INVENTION

The present invention relates to an apparatus and method for enabling a roving software license to be transferred between appropriately configured hardware agents thereby eliminating the need for a distributable physical hardware device. In the following description, numerous details are set forth in order to provide a thorough understanding of the present invention. However, it is apparent to one skilled in the art that the present invention may be practiced through many different embodiments than that illustrated without deviating from the spirit and scope of the present invention. In other instances, well-known circuits, elements and the like are not set forth in detail in order to avoid unnecessarily obscuring the present invention.

In the detailed description, a number of cryptography-related terms are frequently used to describe certain characteristics or qualities, which are defined herein. A "key" is an encoding and/or decoding parameter for a conventional cryptographic algorithm. More specifically, the key is a sequential distribution ("string") of binary data being "n" bits in length, where "n" is an arbitrary number. A "message" is generally defined as information (e.g., encrypted keys, address and data) being transferred in a sequence of bus cycles. The information may include a challenge or a return response. A "digital certificate" is defined as any information pertaining to an entity initiating communications, typically its public key, encrypted through use of a private key by a widely published trusted authority (e.g., bank, governmental entity, trade association, etc.). A "digital signature" is similar to a digital certificate but is used for authentication of the message itself, not the sender.

In recent years, it is becoming more and more desirable to transmit digital information from one location to another. As a result, many entities are now using cryptographic technology so that the information is transferred in a manner which is clear and unambiguous to a legitimate receiver, but incomprehensible to any illegitimate recipients. Typically, cryptographic technology operates in accordance with one of two conventional techniques; namely, symmetric key cryptography or asymmetric (or public) key cryptography or a combination of these cryptographic technologies.

Referring to FIG. 1, an illustrative embodiment of the symmetric key cryptography technique is illustrated. This technique requires the use of an identical, i.e., symmetric, secret key (labeled "SK") 1 to encrypt an original message 5 being transmitted between a first node 10 and a second node 15 to form an encrypted original message 20 and to decrypt the encrypted original message 20 to recover the original message 5. Such encryption and decryption is performed through well-known conventional cryptographic algorithms such as, for example, the Data Encryption Algorithm, more commonly referred to as "DES". The original message 5 is (i) encrypted at the first node 10, (ii) transmitted from the first node 10 to the second node 15 through a public domain 25 such as telephone lines and the like and (iii) decrypted at the second node 15. However, this technique is difficult to support with a large number of users because it requires prior establishment of secret keys ("SK").

Referring now to FIG. 2, an illustrative embodiment of the asymmetric key technique is shown. This technique employs two separate keys (referred to as a "public key" and "private key") being used separately for encryption and decryption purposes. For establishing bidirectional communications from the first node 10 to the second node 15, a "public" key 16 of the key pair of the second node 15 (labeled "PUK2") is stored in and generally used by the first node 10 to encrypt an original message 30 under an asymmetric "RSA" algorithm well known in cryptography. This forms an encrypted original message 35 to be transmitted to the second node 15. A public and private key pair 11 and 12 of the first node 10 (labeled "PUK1" and "PRK1") are further stored in the first node 10.

A "private" key 17 of the key pair of the second node 15 (labeled "PRK2") is exclusively known and used by the second node 15 for many purposes, including to decrypt the encrypted message 35 from the first node 10 under the RSA algorithm as shown in FIG. 2. However, this technique is susceptible to attempts by an illegitimate entity (e.g., commercial spy) to impersonate a legitimate entity (e.g., employee, joint-venturer, etc.) by sending fraudulent messages to another legitimate entity for the purpose of disrupting work flow or obtaining confidential information. Thus, additional protocols are commonly used to authenticate a message and legitimize the entity sending the message.

Authentication of the sender (i.e., verifying that the sender of a public key is, in fact, the true owner of the public key) is a problem when communications are initially established between previously unknown parties. This problem is commonly avoided by incorporating a digital certificate 45 within a transmission message 50. The digital certificate 45 is issued by a mutually trusted authority 55 (e.g., a bank, governmental entity, trade association, etc.) by encrypting a public key of the node initiating the communications ("PUK1") 11 with a signature statement (labeled "SM") 58 with a private key ("PRKTA") 57 of the trusted authority 55 so that fraudulent attempts to use PUK2 16 will simply result in an unreadable response to the transmission message by its recipient. The selected trusted authority 55 depends on the parties involved. For example, two individuals employed by the same business could both trust the certificates issued by a corporate security office of the business. Employees of two independent business entities, however, would require not only the certificates from the respective security offices, but also the certificates from, for example, some industry trade organization that certifies such business entities.

In this approach, multiple operations are concurrently performed to construct the transmission message 50. One operation is that the original message 40 is encrypted using a symmetric secret key ("SK") 60 via the DES algorithm to form the encrypted message 65 which is input into the transmission message 50 along with the digital certificate 45. The original message 40 also undergoes a hash algorithm 70 (e.g., "MD5") to form a transmitted message digest 75. The transmitted message digest 75 is further encrypted using a private key of the first node ("PRK1") 12 to form a digital signature 80 which is input into the transmission message 50. Additionally, the symmetric key ("SK") 60 is encrypted with a public key of the second node ("PUK2") 16 under the RSA algorithm resulting in "SKenc" 85 and further input to the transmission message 50.

Referring still to FIG. 3, upon receipt of the transmission message 50 from the first node 10 being transmitted through the public domain 25, the second node 15 decrypts the SKenc 85 with its private key ("PRK2") 17 and the digital certificate 45 with a published public key ("PUBTA") of the trusted authority 55 to obtain SK 60 and PUK1 11. These SK and PUK1 keys 60 and 11 are used to decrypt the encrypted original message 65 and the digital signature 80 to retrieve the transmitted message digest 75 and the original message 40, respectively. The original message 40 then undergoes a hash algorithm 85, identical to that performed in the first node 10. The results (referred to as a "received message digest") 90 are compared to the transmitted message digest 75. If the transmitted message digest 75 is identical to the received message digest 90, communications are maintained between these legitimate nodes.

Referring to FIG. 4, an illustrative embodiment of a computer system 100 utilizing the present invention is illustrated. The computer system 100 comprises a plurality of bus agents including a host processor 105, a memory device 110, an input/output ("I/O") controller 115 and a cryptographic device referred to as a "hardware agent" 120. The plurality of bus agents are coupled together through a system bus 130 which enables information to be communicated between these bus agents.

Being well-known in the computer industry, it is contemplated that more than one host processor could be employed within the computer system 100 although only the host processor 105 is illustrated in this embodiment. Moreover, the memory device 110 may include dynamic random access memory ("DRAM"), read only memory ("ROM"), video random access memory ("VRAM") and the like. The memory device 110 stores information for use by the host processor 105.

The I/O controller 115 is an interface between an I/O bus 135 and the system bus 130 which provides a communication path (i.e., gateway) for transferring information between components coupled to the system bus 130 or the I/O bus 135. The I/O bus 135 transfers information into and from at least one peripheral device in the computer system 100 including, but not limited to a display device 140 (e.g., cathode ray tube, liquid crystal display, etc.) for displaying images; an alphanumeric input device 145 (e.g., an alphanumeric keyboard, etc.) for communicating information and command selections to the host processor 105; a cursor control device 150 (e.g., a mouse, trackball, touch pad, etc.) for controlling cursor movement; a mass data storage device 155 (e.g., magnetic tapes, hard disk drive, floppy disk drive, etc.) for storing information; an information transceiver device 160 (fax machine, modem, scanner etc.) for transmitting information from the computer system 100 to another device and for receiving information from another device; and a hard copy device 165 (e.g., plotter, printer, etc.) for providing a tangible, visual representation of the information. It is contemplated that the computer system shown in FIG. 4 may employ some or all of these components or different components than those illustrated.

Referring now to an embodiment of the present invention as shown in FIG. 5, the hardware agent 120 is coupled to the system bus 130 establishing a communication path with the host processor 105 as well as the memory and I/O controllers (not shown). The hardware agent 120 comprises a single integrated circuit in the form of a die 121 (e.g., a micro-controller) encapsulated within an integrated circuit component package 122, preferably hermetically, to protect the die 121 from damage and harmful contaminants. The die 121 comprises a processing unit 123 coupled to a memory element 124, a bus interface 125 and a number generator 126. The bus interface 125 enables communication from the hardware agent 120 to another device (e.g., the host processor, another hardware agent in another device, etc.). The processing unit 123 performs computations internally within a secured environment within the die 121 to confirm a valid connection with an authorized receiver. Such computations include executing certain algorithms and protocols, activating circuitry (e.g., the number generator 126 being preferably random in nature) for generating a device-specific public/private key pair and the like. The processing unit 123 is placed within the die 121 to prevent access of the private key through virus attack, which is a common method of disrupting a computer system to obtain its private key and other information.

The memory element 124 includes a non-volatile memory element 127, such as flash memory, which stores appropriate cryptographic algorithms such as "RSA" and "DES", the public/private key pair 127a, a digital certificate for verifying the authenticity of the key pair (labeled "DC") 127b and a public key of the manufacturer of the integrated circuit component ("PUKM") 127c for enabling communication between the integrated circuit component and another similar device fabricated by the manufacturer (discussed in more detail in FIG. 6). This non-volatile memory 127 is used primarily because it retains its contents when supply power is discontinued. The memory unit 124 further includes random access memory ("RAM") 128 in order to store certain results from the processing unit 123.

Although the hardware agent 120 is implemented as a peripheral device on the system bus 130 for greater security, it is contemplated that the hardware agent 130 could be implemented in several other ways at the PC platform level such as, for example, as a disk controller or PCMCIA card to automatically decrypt and/or encrypt information being inputted and outputted from a hard disk. Another alternative implementation would be for the hardware agent to be one component of a multi-chip module including the host processor as discussed below. Furthermore, even though the hardware agent is described in connection with PC platforms, it is contemplated that such hardware agent could be implemented within a node such as a fax machine, printer and the like or on a communication path between a computer and the I/O peripheral device.

`Referring to FIG. 6, a flowchart of the operations for
`manufacturing the present invention is illustrated. First, in
`Step 100, the die of the hardware agent is manufactured
`according to any conventional well-known semiconductor
`manufacturing technique. Next,
`the die is encapsulated
`within a semiconductor packageso as to form the hardware
`agent itself (Step 105). The hardware agentis placed onto a
`certification system which establishes an electrical and
`mechanical coupling between the hardware agent and the
`certification system (Step 110). The certification system
`comprises a carrier coupled to a printed circuit board for
`generating and receiving electrical signals for certification of
`the hardware agent. The certification system further com-
`prises a storage device (e.g., a database) of previously
`generated public keys to guarantee unique key generation.
`Thereafter, the certification system supplies power to the
`hardware agent which powers the random number generator
`enabling it to generate a device-specific public/private key
`pair internally within the hardware agent (Step 115).
`After the public/private key pair has been generated
`within the hardware agent, the public key of the public/
`private key pair is transmitted to the certification system
`(Step 120). The public key is compared with those previ-
`ously generated public keys from previously manufactured
`hardware agents being stored in the storage device (Step
`125). In the unlikely event that the public key is identical to
`one of the previously generated public keys (Step 130), the
`hardware agent is signaled by the certification system to
`generate another such public/private key pair (Step 135) and
`continue this process from Step 120 to ensure that each
`public/private key pair is unique.
`In the event that the public key is unique, the storage
`device is updated with this unique public key (Step 140).
`Thereafter, in Step 145, the certification system creates a
`unique device certificate verifying the authenticity of the key
`pair (hereinafter referred to as the “authentication device
`certificate”). The authentication device certificate will
`include at least the public key of the device “digitally
`signed” with the secret private manufacturing key (i.e. in
`general terms, encrypting the public key of the device with
`the manufacturer’s private key). This authentication device
`certificate along with the manufacturer’s generally known
`public key are input to the hardwa
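
The certification flow described above (Steps 115 to 145 of FIG. 6), as an added Python example that is not part of the patent: the device generates its key pair internally, the certification system rejects a public key it has already seen, and the device certificate is the device public key signed with the manufacturer's private key. The class and function names are hypothetical, and the signature is textbook RSA over a SHA-256 digest at a toy key size, an assumption chosen so the example runs with the standard library only.

```python
import hashlib, secrets
def is_prime(n, rounds=24):                      # Miller-Rabin probabilistic test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):                              # True when a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2**r, n) != n - 1 for r in range(1, s))
    return not any(witness(secrets.randbelow(n - 3) + 2) for _ in range(rounds))

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_prime(c):
            return c

def rsa_keygen(bits=512, e=65537):               # toy key size; returns ((n, e), d)
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and (p - 1) * (q - 1) % e:
            return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def digest(public):                              # SHA-256 of the public key as an integer
    return int.from_bytes(hashlib.sha256(repr(public).encode()).digest(), "big")

class HardwareAgent:                             # private exponent never leaves this object
    keygen = staticmethod(rsa_keygen)            # stands in for the on-chip generator
    def generate_key_pair(self):                 # Steps 115/135; Step 120 sends only the public key
        self.public, self._private = self.keygen()
        return self.public
    def load(self, certificate, pukm):           # certificate and PUKM stored on the device
        self.certificate, self.pukm = certificate, pukm

class CertificationSystem:
    def __init__(self):
        self.pukm, self._prkm = rsa_keygen()     # manufacturer public/private key
        self.seen = set()                        # previously generated public keys
    def certify(self, agent):
        attempts, public = 1, agent.generate_key_pair()
        while public in self.seen:               # Steps 125-135: duplicate, so regenerate
            attempts, public = attempts + 1, agent.generate_key_pair()
        self.seen.add(public)                    # Step 140
        agent.load(pow(digest(public), self._prkm, self.pukm[0]), self.pukm)  # Step 145
        return attempts

def verify_certificate(public, certificate, pukm):
    return pow(certificate, pukm[1], pukm[0]) == digest(public)
```

Any holder of the manufacturer public key can run `verify_certificate` against a device's public key and certificate; a production design would use a padded signature scheme and a full-size modulus.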
