1. Patent Search
  2. Details

PROVISIONING SYSTEM AND METHOD

20220156360 · 2022-05-19

    Inventors

    Cpc classification

    International classification

    Abstract

    A provisioning system includes a provisioning apparatus configured to be electrically connected with at least one of a plurality of electronic devices for provisioning at least one electronic device. The provisioning apparatus is configured to obtain device type information about the electronic device type of the plurality of electronic devices and to issue a request for provisioning data based on the device type information. The provisioning system has a provisioning security module configured to receive the request for provisioning data from the provisioning apparatus and generate provisioning data in response to the request. The provisioning security module is configured to transmit the provisioning data to the provisioning apparatus to provide at least one electronic device with provisioning data. The provisioning security module is configured to maintain a provisioning counter indicative of a remaining number of the plurality of electronic devices that can be provisioned with provisioning data.

    Claims

    1. A provisioning system for provisioning a plurality of electronic devices with provisioning data, each of the plurality of electronic devices being associated with an electronic device type, wherein the production provisioning system comprises: a provisioning apparatus configured to be electrically connected with at least one of the plurality of electronic devices for provisioning the at least one electronic device, wherein the provisioning apparatus is further configured to obtain device type information about the electronic device type of the plurality of electronic devices and to issue a request for provisioning data based on the device type information; and a provisioning security module configured to receive the request for provisioning data from the provisioning apparatus and to generate provisioning data in response to the request, wherein the provisioning security module is further configured to transmit the provisioning data to the provisioning apparatus for provisioning the at least one electronic device with provisioning data; wherein the provisioning security module is further configured to maintain a provisioning counter indicative of a remaining number of the plurality of electronic devices that can be provisioned with provisioning data.

    2. The provisioning system of claim 1, wherein the provisioning security module is further configured to update the provisioning counter for each provisioned electronic device of the plurality of electronic devices to obtain an updated provisioning counter.

    3. The provisioning system of claim 2, wherein the provisioning security module is configured to update the provisioning counter for each provisioned electronic device of the plurality of electronic devices by decrementing or incrementing the provisioning counter for each provisioned electronic device of the plurality of electronic devices to obtain the updated provisioning counter.

    4. The provisioning system of claim 1, wherein the provisioning security module is further configured to block provisioning of a further electronic device of the plurality of electronic devices, if the updated provisioning counter indicates that the remaining number of the plurality of electronic devices that can be provisioned has been reached.

    5. The provisioning system of claim 1, wherein the provisioning data comprises at least a first portion and a second portion, wherein the provisioning security module is configured to transmit the first portion of the provisioning data to the provisioning apparatus and to transmit the second portion of the provisioning data to the provisioning apparatus, in response to receiving a further request from the provisioning apparatus based on the device type information.

    6. The provisioning system of claim 1, wherein the provisioning apparatus is further configured to determine the electronic device type of the plurality of electronic devices for obtaining the device type information about the electronic device type of the plurality of electronic devices.

    7. The provisioning system of claim 1, wherein the provisioning data comprises at least one of an identifier for the at least one electronic device, one or more cryptographic keys, one or more rules for operating and/or updating the at least one electronic device.

    8. The provisioning system of claim 1, wherein the provisioning security module is further configured to receive an electronic token and to set the provisioning counter on the basis of information of the electronic token, wherein the information of the electronic token is indicative of a maximum number of the plurality of electronic devices that can be provisioned with provisioning data.

    9. The provisioning system of claim 8, wherein the electronic token further comprises data defining one or more validity time periods of the electronic token and wherein the security provisioning module is further configured to block provisioning of a further electronic device of the plurality of electronic devices outside of the one or more validity time periods.

    10. The provisioning system of claim 8, wherein the electronic token further comprises a token identifier for identifying the electronic token and wherein the security provisioning module is further configured to store the token identifier in a list of electronic tokens already used or in use.

    11. The provisioning system of claim 8, wherein the security provisioning module is configured to receive the electronic token in encrypted form and wherein the security provisioning module is further configured to decrypt the encrypted electronic token.

    12. The provisioning system of claim 8, wherein the electronic token comprises a digital signature based on a private key of a token generator server and wherein the security provisioning module is configured to verify the digital signature of the electronic token using a public key of the token generator server.

    13. A method for provisioning a plurality of electronic devices with provisioning data, each of the plurality of electronic devices being associated with an electronic device type, wherein the method comprises: obtaining, by a provisioning apparatus, device type information about the electronic device type of the plurality of electronic devices, wherein the provisioning apparatus is configured to be electrically connected with at least one of the plurality of electronic devices for provisioning the at least one electronic device; issuing a request, by the provisioning apparatus, for provisioning data based on the device type information; generating, by a provisioning security module, provisioning data in response to the request; transmitting, by the provisioning security module, the provisioning data to the provisioning apparatus for provisioning the at least one electronic device with provisioning data; and maintaining, by the provisioning security module, a provisioning counter indicative of a remaining number of the plurality of electronic devices that can be provisioned with provisioning data.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0028] Further embodiments of the invention will be described with respect to the following figures, wherein:

    [0029] FIG. 1 shows a schematic diagram illustrating a provisioning system according to an embodiment of the invention;

    [0030] FIG. 2 shows a schematic diagram illustrating an exemplary electronic token used by the provisioning system of FIG. 1;

    [0031] FIG. 3 shows a signaling diagram illustrating the interaction of several components of the provisioning system of FIG. 1; and

    [0032] FIG. 4 shows a flow diagram illustrating steps of a provisioning method according to an embodiment of the invention.

    [0033] In the figures, identical reference signs will be used for identical or at least functionally equivalent features.

    DETAILED DESCRIPTION OF EMBODIMENTS

    [0034] In the following detailed description, reference is made to the accompanying drawings, which form part of the disclosure, and in which are shown, by way of illustration, specific aspects in which the present invention may be implemented. It is understood that other aspects may be utilized, and structural or logical changes may be made without departing from the scope of the present invention. The following detailed description, therefore, is not to be taken in a limiting sense, as the scope of the present invention is defined by the appended claims.

    [0035] For instance, it is understood that a disclosure in connection with a described method may also hold true for a corresponding device or system configured to perform the method and vice versa. For example, if a specific method step is described, a corresponding device may include a unit to perform the described method step, even if such unit is not explicitly described or illustrated in the figures. Further, it is understood that the features of the various exemplary aspects described herein may be combined with each other, unless specifically noted otherwise.

    [0036] FIG. 1 shows a schematic diagram of a system 100 according to an embodiment of the invention, including a provisioning system 130 according to an embodiment of the invention for provisioning or personalizing a plurality of electronic devices 180, 180′ such as chips or microprocessors 180, 180′ with provisioning data 150, wherein each of the plurality of electronic devices 180, 180′ is associated with an electronic device type. In an embodiment, the provisioning data 150 may comprise an unique identifier for the at least one electronic device 180, 180′, one or more cryptographic keys, one or more rules for operating and/or updating the at least one electronic device 180, 180′ and/or a firmware for the electronic device 180, 180′.

    [0037] As illustrated in FIG. 1, the provisioning system 130 comprises a provisioning apparatus 160 configured to be electrically connected with at least one of the plurality of electronic devices 180, 180′ for provisioning the at least one electronic device 180, 180′. The provisioning apparatus 160 may comprise an electrical and/or mechanical interface for interacting directly or indirectly with one or more of the plurality of electronic devices 180, 180′. For instance, the provisioning apparatus 160 may comprise a personalization tray for personalizing a batch of electronic devices 180, 180′ inserted therein.

    [0038] The provisioning apparatus 160 is further configured to obtain device type information about the electronic device type of the plurality of electronic devices 180, 180′ and to issue a request for provisioning data 150 based on the device type information. In other words, based on the device type information the provisioning apparatus 160 may determine the type of provisioning data necessary for provisioning an electronic device 180, 180′ of this type and to generate a corresponding request for provisioning data for this type. In an embodiment, the provisioning apparatus 160 may be configured to determine the electronic device type of the electronic devices 180, 180′ connected to its electrical and/or mechanical interface(s).

    [0039] As illustrated in FIG. 1, the provisioning system 130 further comprises a provisioning security module 140 configured to receive the request for provisioning data 150 from the provisioning apparatus 160 and to generate provisioning data 150 in response to the request. The provisioning security module 140 is further configured to transmit the provisioning data 150 to the provisioning apparatus 160 for provisioning the at least one electronic device 180, 180′ with provisioning data 150. The provisioning security module 140 is further configured to maintain a provisioning counter indicative of a remaining number of the plurality of electronic devices 180, 180′ that can be provisioned with provisioning data 150.

    [0040] As will be described in more detail further below, the system 100 may comprise in addition to the provisioning system 130 a remote server 110 and a token generator server 120. As illustrated in FIG. 1, the provisioning system 130, the remote server 110 and the token generator server 120 may be configured to communicate with each other via a communication network, such as the Internet. Thus, the provisioning system 130, the remote server 110 and the token generator server 120 may be at different locations and under the control of different parties. In an embodiment, the remote server 110 may be under the control or associated with an electronic equipment manufacturer, e.g., an OEM, wherein the electronic equipment manufacturer assembles electronic equipment, such as smart phones, tablet computers or other types of IoT or electronic consumer equipment, using the electronic devices 180, 180′ provisioned by the provisioning system 130 with the provisioning data 150. In an embodiment, the provisioning data 150 may comprise a firmware of the electronic equipment manufacturer associated with the remote server 110. Advantageously, this allows the electronic equipment manufacturer to have control over the provisioning of the electronic devices 180, 180′ with its firmware.

    [0041] In an embodiment, the provisioning system 130, the remote server 110 and the token generator server 120 are configured to securely communicate with each other using one or more cryptographic schemes, such as a public key infrastructure and/or a hybrid cryptographic scheme.

    [0042] In an embodiment, the provisioning security module 140 is configured to be coupled to the provisioning apparatus 160, for instance, by a wired or a wireless connection. In an embodiment, the provisioning apparatus 160 may be implemented as a personal computer and the provisioning security module 140 may be implemented as a PC card inserted in the provisioning control apparatus 160.

    [0043] In an embodiment, the provisioning security module 140 is configured to update the provisioning counter for each provisioned electronic device of the plurality of electronic devices 180, 180′ to obtain an updated provisioning counter. For instance, the provisioning security module 140 may be configured to update the provisioning counter for each provisioned electronic device of the plurality of electronic devices 180, 180′ by decrementing the provisioning counter for each provisioned electronic device of the plurality of electronic devices 180, 180′ to obtain the updated provisioning counter. In another embodiment, the provisioning counter may be incremented until the maximum number of allowed electronic devices 180, 180′ have been provisioned. The provisioning security module 140 may be further configured to block provisioning of a further electronic device of the plurality of electronic devices 180, 180′, if the updated provisioning counter indicates that the remaining number of the plurality of electronic devices 180, 180′ that can be provisioned has been reached, e.g. if the updated provisioning counter is equal to zero (in case of decrementing the provisioning counter for each device) or equal to the maximum number of allowed electronic devices 180, 180′ (in case of incrementing the provisioning counter for each device). In other words, once the total number of electronic devices 180, 180′ have been provisioned, the provisioning security module 140 will prevent the provisioning of any further electronic devices 180, 180′ with the provisioning data 150 by the provision equipment 170.

    [0044] In an embodiment, the provisioning security module 140 may be further configured to receive an electronic token 190 (illustrated in more detail in FIG. 2), for instance, from the remote OEM server 110 or the token generator server 120, and to set or update the provisioning counter on the basis of information 192 contained in the electronic token 190, wherein the information 192 of the electronic token 190 is indicative of a maximum number of the plurality of electronic devices 180, 180′ that can be provisioned with provisioning data 150.

    [0045] In an embodiment, the security provisioning module 140 is configured to receive the electronic token 190 in encrypted form, wherein the security provisioning module 140 is further configured to decrypt the encrypted electronic token 190. In an embodiment, the electronic token 190 comprises a digital signature 198 (see FIG. 2) based on a private key 121a of the token generator server 120, wherein the security provisioning module 140 is configured to verify the digital signature 198 of the electronic token 190 using a public key 121b of the token generator server 120.

    [0046] As illustrated in FIG. 2, the electronic token 190 may further comprise data 197 defining one or more validity time periods of the electronic token 190, wherein the security provisioning module 140 is further configured to block provisioning of a further electronic device of the plurality of electronic devices 180, 180′ outside of the one or more validity time periods. In an embodiment, the one or more validity time periods may comprise a time period by when the electronic token 190 has to be used for the first time for provisioning an electronic device 180, 180′ (i.e., a validity period for the token acceptance). In a further embodiment, the one or more validity time periods may comprise a time period defining up to when the electronic token 190 can be used for provisioning electronic devices 180, 180′ (i.e., an expiry period of the electronic token 190).

    [0047] In the embodiment shown in FIG. 2, the electronic token 190 further comprises a token identifier 193 for identifying the electronic token 190, wherein the security provisioning module 140 is further configured to store the token identifier 193 in a list of electronic tokens already used or in use in order to prevent replay attacks. In an embodiment, the token identifier 193 may be a nonce 193.

    [0048] As illustrated in FIG. 2, the electronic token 190 may comprise further data, such as provisioning control data 191 for controlling communications between the security provisioning module 140 and the provisioning apparatus 160. In an embodiment, these provisioning control data 191 may be provided in a header 191 of the electronic token 190. In an embodiment, the provisioning control data 191 may identify a secure communication protocol for securing the communication between the security provisioning module 140 and the provisioning apparatus 160. As illustrated in FIG. 2, the electronic token 190 may further comprise, for instance, an OEM identifier 194, a firmware identifier 195, an electronic device type identifier 196.

    [0049] FIG. 3 shows a signaling diagram illustrating the interaction of the components of the provisioning system 130 and the electronic device(s) 180, 180′ to be provisioned. In FIG. 3 the following steps are illustrated, some of which already have been described in the context of FIGS. 1 and 2 above.

    [0050] In step 301 of FIG. 3, the provisioning apparatus 160 obtains information about the electronic device type of the currently to be provisioned electronic device(s) 180, 180′, such as the electronic device(s) 180, 180′ currently inserted into a personalization tray of the provisioning apparatus 160.

    [0051] In step 303 of FIG. 3, the provisioning apparatus 160 based on the information about the electronic device type of the currently to be provisioned electronic device(s) 180; 180′ generates a corresponding request for provisioning data and transmits the request to the security provisioning module 140.

    [0052] In step 305 of FIG. 3, the security provisioning module 140 checks whether the current value of the electronic provisioning counter allows provisioning of a further electronic device 180. If this is the case, the security provisioning module 140 decrements the electronic provisioning counter (step 307) and generates either all of the provisioning data 150 or at least a portion of the provisioning data 150 (step 309). In the embodiment shown in FIG. 3, the provisioning data 150 comprises a plurality of data sets or chunks, including at least a first data set (Data A) and a second data set (Data B).

    [0053] In step 311 of FIG. 3, the security provisioning module 140 forwards the first data set (Data A) of the provisioning data 150 to the provisioning apparatus 160.

    [0054] In step 313 of FIG. 3, the provisioning apparatus 160 writes the first data set of the provisioning data 150 to the electronic device(s) 180, 180′, such as to a memory of the electronic device(s) 180, 180′ (as will be appreciated, in an embodiment, where the provisioning data 150 only includes the first data set generated in step 309, the provisioning would be complete with step 315 of FIG. 3). Once the electronic device(s) 180, 180′ has been provisioned with the first data set of the provisioning data 150, the provisioning apparatus 160 sends a request for at least one further portion of the provisioning data 150 to the security provisioning module 140 for continuing and completing the provisioning of the current electronic device(s) 180, 180′ (step 315).

    [0055] In step 317 of FIG. 3, in response to receiving the further request from the provisioning apparatus 160, the security provisioning module 140 transmits the next portion, e.g., the second data set (Data B) of the provisioning data 150 to the provisioning apparatus 160.

    [0056] In step 319 of FIG. 3, the provisioning apparatus 160 writes the second data set of the provisioning data 150 to the electronic device(s) 180, 180′, such as to a memory of the electronic device(s) 180, 180′.

    [0057] As will be appreciated, the sequence of steps 315-319 may be repeated until all of the data sets making up the provisioning data 150 have been provided to the currently provisioned electronic device(s) 180, 180′. Once this has been completed, the next electronic device 180; 180′ or batch of electronic devices 180, 180′ may be provisioned in the way illustrated in FIG. 3. As will be appreciated, in the embodiment shown in FIG. 3, the provisioning apparatus 160 can be considered as the master of the provisioning sequence. For doing so, in an embodiment, the provisioning apparatus 160 may be configured to call individual script functions provided by an external API of the security provisioning module 140. In other words, the provisioning apparatus 160 may allocate and/or deallocate the device context, i.e., the provisioning data 150 for a respective electronic device 180, 180′. As already described above, the provisioning counter is decremented before any data can be generated or accessed for each electronic device 180, 180′ provisioned.

    [0058] FIG. 4 shows a flow diagram illustrating steps of a corresponding provisioning method 400 according to an embodiment of the invention. The provisioning method 400 according to an embodiment of the invention comprises the following steps:

    [0059] Step 401: obtaining, by the provisioning apparatus 160, device type information about the electronic device type of the plurality of electronic devices 180, 180′, wherein the provisioning apparatus 160 is configured to be electrically connected with at least one of the plurality of electronic devices 180, 180′ for provisioning the at least one electronic device 180, 180′.

    [0060] Step 403: issuing a request, by the provisioning apparatus 160, for provisioning data 150 based on the device type information.

    [0061] Step 405: generating, by the provisioning security module 140, provisioning data 150 in response to the request.

    [0062] Step 407: transmitting, by the provisioning security module 140, the provisioning data 150 to the provisioning apparatus 160 for provisioning the at least one electronic device 180, 180′ with provisioning data 150.

    [0063] Step 409: maintaining, by the provisioning security module 140, a provisioning counter indicative of a remaining number of the plurality of electronic devices 180, 180′ that can be provisioned with provisioning data 150.

    [0064] While a particular feature or aspect of the disclosure may have been disclosed with respect to only one of several implementations or embodiments, such feature or aspect may be combined with one or more other features or aspects of the other implementations or embodiments as may be desired and advantageous for any given or particular application.

    [0065] Furthermore, to the extent that the terms “include”, “have”, “with”, or other variants thereof are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term “comprise”. Also, the terms “exemplary”, “for example” and “e.g.,” are merely meant as an example, rather than the best or optimal. The terms “coupled” and “connected”, along with derivatives may have been used. It should be understood that these terms may have been used to indicate that two elements cooperate or interact with each other regardless of whether they are in direct physical or electrical contact, or they are not in direct contact with each other.

    [0066] Although specific aspects have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that a variety of alternate and/or equivalent implementations may be substituted for the specific aspects shown and described without departing from the scope of the present disclosure. This application is intended to cover any adaptations or variations of the specific aspects discussed herein.

    [0067] Although the elements in the following claims are recited in a particular sequence, unless the claim recitations otherwise imply a particular sequence for implementing some or all of those elements, those elements are not necessarily intended to be limited to being implemented in that particular sequence.

    [0068] Many alternatives, modifications, and variations will be apparent to those skilled in the art in light of the above teachings. Of course, those skilled in the art readily recognize that there are numerous applications of the invention beyond those described herein. While the present invention has been described with reference to one or more particular embodiments, those skilled in the art recognize that many changes may be made thereto without departing from the scope of the present invention. It is therefore to be understood that within the scope of the appended claims and their equivalents, the invention may be practiced otherwise than as specifically described herein.