US 12,261,931 B2
Method and apparatus for provisioning node-locking confidential data
Tat Keung Chan, San Diego, CA (US); Alexander Medvinsky, San Diego, CA (US); Rafie Shamsaasef, San Diego, CA (US); and Fariba Barez, San Diego, CA (US)
Assigned to ARRIS Enterprises LLC, Suwanee, GA (US)
Filed by ARRIS Enterprises LLC, Suwanee, GA (US)
Filed on Feb. 9, 2023, as Appl. No. 18/107,902.
Claims priority of provisional application 63/308,442, filed on Feb. 9, 2022.
Prior Publication US 2023/0269066 A1, Aug. 24, 2023
Int. Cl. H04L 9/00 (2022.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/006 (2013.01) [H04L 9/0891 (2013.01); H04L 9/3247 (2013.01); H04L 9/3268 (2013.01); H04L 63/06 (2013.01)]
20 Claims
1. A method of performing a cryptographic operation according to a public key infrastructure (PKI) client-unique private key, comprising:
providing, in a PKI client, a whitebox implementation, the whitebox implementation comprising:
a global whitebox decryptor;
a locked whitebox encryptor, the locked whitebox encryptor locked to the PKI client according to a PKI client unique ID;
a locked whitebox decryptor, the locked whitebox decryptor locked to the PKI client according to the PKI client unique ID;
receiving:
an encoded global encryption key;
the private key encrypted according to the global encryption key;
a digital certificate cryptographically associated with the private key;
decrypting the encrypted private key according to the encoded global encryption key using the global whitebox decryptor;
deriving node locking information from the digital certificate;
uniquely re-encrypting the private key according to the node locking information by the locked whitebox encryptor;
re-deriving the node locking information from the digital certificate;
decrypting the re-encrypted private key according to the re-derived node locking information by the locked whitebox decryptor; and
performing the cryptographic operation according to the decrypted private key.
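
The data flow of claim 1, modelled as an added example that is not taken from the patent or from any ARRIS code. Assumptions: an HMAC-SHA256 encrypt-then-MAC construction stands in for each whitebox, the global key is handled as raw bytes rather than in encoded form, the node locking information is taken to be the certificate's SHA-256 digest, the lock to the client is modelled by keying on the client unique ID, and an HMAC stands in for the private-key operation; all function names are hypothetical.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Separate encryption and MAC keys derived from one input key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Stand-in authenticated cipher (encrypt-then-MAC); a real client uses a whitebox here.
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(enc_key, nonce, ct)

def node_lock_key(cert_der, client_id):
    # Assumption: node locking information is the certificate's SHA-256 digest,
    # and the lock to the client is modelled by keying on the client unique ID.
    return hmac.new(client_id, hashlib.sha256(cert_der).digest(), hashlib.sha256).digest()

def provision(global_key, encrypted_private_key, cert_der, client_id):
    private_key = unseal(global_key, encrypted_private_key)        # global decryptor
    return seal(node_lock_key(cert_der, client_id), private_key)  # locked encryptor

def operate(locked_blob, cert_der, client_id, message):
    private_key = unseal(node_lock_key(cert_der, client_id), locked_blob)  # locked decryptor
    return hmac.new(private_key, message, hashlib.sha256).digest()  # stand-in operation

def demo():
    # Constructed sample values, not real key material or a real certificate.
    global_key, private_key, cert = os.urandom(32), os.urandom(32), b"constructed-cert-bytes"
    blob = provision(global_key, seal(global_key, private_key), cert, b"client-A")
    expected = hmac.new(private_key, b"msg", hashlib.sha256).digest()
    works_on_a = operate(blob, cert, b"client-A", b"msg") == expected
    try:
        operate(blob, cert, b"client-B", b"msg")
        works_on_b = True
    except ValueError:
        works_on_b = False
    return works_on_a, works_on_b
```

`demo()` shows the node-locking property: the re-encrypted blob works on the client it was provisioned for and fails authentication when copied to a client with a different unique ID.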