An electronic device requires valid control keys to change any usage restriction setting. The device is provided control keys, a secret key, and a signed software object including a batch ID and a hash of the secret key. For each control key, the device generates a cryptographic footprint bound to the device and the secret key. A message authentication code (MAC) of each usage restriction setting is generated, the MAC bound to the device and a control key. To change a usage restriction, the device receives a control key, validates it against the stored footprint, changes the usage restriction settings, and generates a new usage restriction setting MAC. The control key footprints are bound to the secret key, but the device retains only a hash of the secret key.
|Publication status||Published - 2012 Jul 17|
Subject classification (UKÄ)
- Computer Science