CPC H04L 9/0825 (2013.01) [H04L 9/085 (2013.01); H04L 9/0869 (2013.01); H04L 9/3278 (2013.01)]
11 Claims
1. An integrated circuit module for information security, comprising:
a secure circuit unit, having passed a security evaluation as a cryptographic module and storing therein at least one digital key for providing a digital key service; and
a controller unit set in communication with the secure circuit unit, including a fast service unit and a trusted zone unit, wherein the trusted zone unit and the secure circuit unit respectively use a first channel establishment key and a second channel establishment key, which are dependent on each other, to establish a secure signal channel, and the secure circuit unit transmits a specific data to the fast service unit via the security signal channel to perform a fast service,
wherein the first channel establishment key and the second channel establishment key are derived from the digital key, and
wherein the trusted zone unit includes a volatile memory; after the trusted zone unit uses a main key to perform an initialization process with the digital key provided by the secure circuit unit, and after a set of derived data is obtained from the digital key and the main key and stored back to the secure circuit unit, the secure circuit unit sends the set of derived data to the trusted zone unit in a subsequent process of establishing the secure signal channel, and the trusted zone unit uses the main key and the set of derived data to restore the digital key and stores it in a volatile memory; after the trusted zone unit completes mutual verification with the secure circuit unit by way of the digital key, the trusted zone unit and the secure circuit unit use the digital key to derive the first channel establishment key and the second channel establishment key respectively; the secure signal channel, by way of the first channel establishment key and the second channel establishment key, has the specific data transmitted therevia under encryption; and the specific data obtained by the trusted zone unit is stored into the volatile memory, wherein after the controller unit set is powered off, the digital key stored in the volatile memory will disappear, and the process of establishing the secure signal channel will be restarted once the controller unit is powered on.
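The key lifecycle recited in claim 1 (initialization, restore at power-on, mutual verification, channel key derivation), as an added sketch that is not part of the patent. The claim names no algorithms, so HMAC-SHA256 as the derivation function, XOR masking with an integrity tag as the form of the "derived data", the per-session nonces, and all function names are assumptions.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    # HMAC-SHA256 as the derivation function (an assumption; the claim names none).
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def make_derived_data(main_key: bytes, digital_key: bytes) -> bytes:
    # Initialization: mask the 32-byte digital key under the main key.
    # The result goes back to the secure circuit unit for storage.
    if len(digital_key) != 32:
        raise ValueError("this sketch assumes a 32-byte digital key")
    salt = os.urandom(16)
    masked = bytes(a ^ b for a, b in zip(digital_key, prf(main_key, b"mask", salt)))
    return salt + masked + prf(main_key, b"tag", salt + masked)

def restore_digital_key(main_key: bytes, derived: bytes) -> bytes:
    # Power-on: rebuild the digital key from main key + derived data (RAM only).
    salt, masked, tag = derived[:16], derived[16:48], derived[48:]
    if not hmac.compare_digest(tag, prf(main_key, b"tag", salt + masked)):
        raise ValueError("derived data rejected")
    return bytes(a ^ b for a, b in zip(masked, prf(main_key, b"mask", salt)))

def establish_channel(main_key: bytes, derived: bytes, sc_digital_key: bytes):
    # Simulates both ends of one power-on session; returns (tz_keys, sc_keys).
    tz_key = restore_digital_key(main_key, derived)
    n_tz, n_sc = os.urandom(16), os.urandom(16)   # fresh nonce from each side
    nonces = n_tz + n_sc
    # Mutual verification: each side proves knowledge of the digital key.
    if not hmac.compare_digest(prf(tz_key, b"auth-tz", nonces),
                               prf(sc_digital_key, b"auth-tz", nonces)):
        raise ValueError("trusted zone unit failed verification")
    if not hmac.compare_digest(prf(sc_digital_key, b"auth-sc", nonces),
                               prf(tz_key, b"auth-sc", nonces)):
        raise ValueError("secure circuit unit failed verification")
    # Each side derives the channel establishment keys from its own key copy.
    derive = lambda k: (prf(k, b"chan-1", nonces), prf(k, b"chan-2", nonces))
    return derive(tz_key), derive(sc_digital_key)
```

Because the restored key and the channel keys exist only as return values here, every call to `establish_channel` models one power cycle: nothing persists on the trusted zone side except the main key.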