Patent · US Active

Secure distribution of device key sets over a network

US11677548B2 · kind B2 · utility

0 Cited by
2 References
16 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jun 23, 2021
Grant date: Jun 13, 2023
Priority date
Expiry date: Dec 2, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/0884
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.