18447083. Secure Circuit For Encryption Key Generation simplified abstract (Apple Inc.)


Secure Circuit For Encryption Key Generation

Organization Name

Apple Inc.

Inventor(s)

Wade Benson of San Jose CA (US)

Libor Sykora of Prague (CZ)

Vratislav Kuzela of Cakovicky (CZ)

Michael Brouwer of Los Gatos CA (US)

Andrew R. Whalley of San Francisco CA (US)

Jerrold V. Hauck of Windermere FL (US)

David Finkelstein of Sunnyvale CA (US)

Thomas Mensch of Sunnyvale CA (US)

Secure Circuit For Encryption Key Generation - A simplified explanation of the abstract

This abstract first appeared for US patent application 18447083 titled 'Secure Circuit For Encryption Key Generation'.

Simplified Explanation

The patent application describes a technique related to a public key infrastructure (PKI). It introduces an integrated circuit that includes a processor and a secure circuit isolated from access by the processor, except through a mailbox mechanism. The secure circuit is designed to generate a key pair consisting of a public key and a private key. It can also issue a certificate signing request (CSR) to a certificate authority (CA) for a certificate corresponding to the key pair.

  • The integrated circuit includes a processor and a secure circuit isolated from access by the processor, except through a mailbox mechanism.
  • The secure circuit generates a key pair (public key and private key) and issues a certificate signing request (CSR) to a certificate authority (CA) for a certificate corresponding to the key pair.
  • The secure circuit can receive, via the mailbox mechanism, a request from an application executing on the processor to issue a certificate to the application.
  • The secure circuit can perform cryptographic operations using a public key circuit included in the secure circuit.

Potential applications of this technology:

  • Secure communication: The PKI provided by this technology can be used to establish secure communication channels between entities, ensuring confidentiality and integrity of data transmission.
  • Authentication and digital signatures: The generated key pair and certificates can be used for authentication purposes, verifying the identity of individuals or devices, and for creating digital signatures to ensure the integrity and non-repudiation of digital documents.
  • Secure transactions: This technology can be applied in e-commerce and online banking systems to secure online transactions, protecting sensitive information such as credit card details.

Problems solved by this technology:

  • Security vulnerabilities: The secure circuit isolated from the processor helps mitigate security risks associated with direct access to cryptographic operations, protecting against unauthorized access or tampering.
  • Key management: The generation and management of key pairs and certificates are simplified and secured within the integrated circuit, reducing the complexity and potential errors in key management processes.

Benefits of this technology:

  • Enhanced security: The isolated secure circuit and cryptographic operations performed within it provide a higher level of security, protecting sensitive information and preventing unauthorized access.
  • Simplified key management: The integrated circuit streamlines the generation and management of key pairs and certificates, reducing the complexity and potential errors in key management processes.
  • Scalability: The technology can be implemented in various systems and applications, accommodating a large number of users and devices in a scalable manner.


Original Abstract Submitted

Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.