| CPC G06F 21/73 (2013.01) [G06F 21/602 (2013.01); G06F 21/64 (2013.01)] | 25 Claims |

1. A device, comprising:
a secure computing environment, comprising:
a hardware root of trust (HRoT) device identifier composition engine (DICE) component,
a DICE layer 0 (L0) component configured to derive a DICE identity key, wherein the DICE L0 component is above the HRoT DICE component in a layer stack; and
a DICE layer 1 (L1) component configured to derive a DICE alias key based on the DICE identity key, wherein the DICE L1 component is above the DICE L0 component in the layer stack, wherein the DICE L1 component and the DICE L0 component are implemented as mutable code; and
a controller configured to:
generate an immutable compound device identifier (CDI) based on a Unique Device Secret and a first measurement of an immutable parameter of the device;
generate a DICE L0 CDI based on the immutable CDI and a second measurement of a mutable parameter of the device;
generate a set of certificates based on the DICE L0 CDI and as a response to receiving a first command to generate the set of certificates; and
store the set of certificates in a memory of the device to enable the device to provide the set of certificates as a response to a second command.
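The layered derivation and the two-command controller behaviour recited in claim 1, as an added worked example; this is not the patent's own code nor any vendor's DICE implementation. It assumes HMAC-SHA256 as the one-way function for every derivation step (the claim names no function), uses an HMAC tag as a stand-in for the asymmetric signature a real DICE certificate carries and a hash of the key seed as a stand-in for the public key, and invents the command names and the firmware image contents as constructed sample input. It is written so that the security property worth checking is visible: updating the mutable L1 image changes the alias key and its certificate but leaves the DeviceID unchanged, updating the L0 image changes the DeviceID, and the immutable CDI depends only on the UDS and the immutable parameter.

```python
import hashlib
import hmac
import json

# Added example, not code from the patent. HMAC-SHA256 is an assumed one-way
# function for each derivation; "tag" stands in for a signature and "subject"
# for a public key; command names and images are constructed for illustration.


def measure(image: bytes) -> bytes:
    """Measurement of a code or configuration image: its SHA-256 digest."""
    return hashlib.sha256(image).digest()


def kdf(parent_secret: bytes, info: bytes) -> bytes:
    """One-way derivation keyed by the parent layer's secret (assumed HMAC-SHA256)."""
    return hmac.new(parent_secret, info, hashlib.sha256).digest()


def derive_immutable_cdi(uds: bytes, immutable_image: bytes) -> bytes:
    """Immutable CDI = KDF(UDS, first measurement: the immutable parameter)."""
    return kdf(uds, b"DICE-CDI|" + measure(immutable_image))


def derive_l0_cdi(immutable_cdi: bytes, mutable_image: bytes) -> bytes:
    """DICE L0 CDI = KDF(immutable CDI, second measurement: a mutable parameter)."""
    return kdf(immutable_cdi, b"DICE-L0-CDI|" + measure(mutable_image))


def derive_identity_key(l0_cdi: bytes) -> bytes:
    """DICE identity (DeviceID) key seed, derived by the L0 layer from its CDI."""
    return kdf(l0_cdi, b"DICE-identity-key")


def derive_alias_key(identity_key: bytes, l1_image: bytes) -> bytes:
    """DICE alias key seed, derived by L1 from the identity key and L1's own measurement."""
    return kdf(identity_key, b"DICE-alias-key|" + measure(l1_image))


def _public_id(key_seed: bytes) -> str:
    # Stand-in for a public key: a hash of the seed, so the seed itself is never exposed.
    return hashlib.sha256(b"pub|" + key_seed).hexdigest()


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(issuer_key: bytes, subject_key: bytes, role: str, measurement: bytes) -> dict:
    """Build a certificate body and 'sign' it with the issuer key (HMAC tag as a stand-in)."""
    body = {
        "role": role,
        "issuer": _public_id(issuer_key),
        "subject": _public_id(subject_key),
        "measurement": measurement.hex(),
    }
    body["tag"] = hmac.new(issuer_key, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_certificate(cert: dict, issuer_key: bytes) -> bool:
    """Recompute the tag over every field except the tag itself and compare in constant time."""
    body = {k: v for k, v in cert.items() if k != "tag"}
    expected = hmac.new(issuer_key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["tag"])


def generate_certificates(l0_cdi: bytes, l0_image: bytes, l1_image: bytes) -> list:
    """The set of certificates generated from the DICE L0 CDI: a self-issued
    DeviceID certificate and an Alias certificate issued under the DeviceID key."""
    identity = derive_identity_key(l0_cdi)
    alias = derive_alias_key(identity, l1_image)
    return [
        issue_certificate(identity, identity, "DeviceID", measure(l0_image)),
        issue_certificate(identity, alias, "Alias", measure(l1_image)),
    ]


class DiceDevice:
    """Controller behaviour of claim 1: derive the CDIs at boot, build the certificate
    set on the first command, and answer the second command from the stored set."""

    CMD_GENERATE = "GENERATE_CERTIFICATES"  # assumed command name
    CMD_GET = "GET_CERTIFICATES"            # assumed command name

    def __init__(self, uds: bytes, immutable_image: bytes, l0_image: bytes, l1_image: bytes):
        # The UDS is consumed once; only the immutable CDI is handed up the layer stack.
        self._immutable_cdi = derive_immutable_cdi(uds, immutable_image)
        self._l0_cdi = derive_l0_cdi(self._immutable_cdi, l0_image)
        self._l0_image, self._l1_image = l0_image, l1_image
        self.certificate_store = None  # the memory of the device holding the set

    def handle(self, command: str):
        if command == self.CMD_GENERATE:
            self.certificate_store = generate_certificates(self._l0_cdi, self._l0_image, self._l1_image)
            return "OK"
        if command == self.CMD_GET:
            return self.certificate_store  # None until the first command has run
        raise ValueError(f"unknown command {command!r}")
```

Two details matter in practice. The DeviceID key depends on the L0 CDI, which in turn depends on a measurement of mutable code, so an L0 update deliberately rolls the device identity while an L1-only update rolls only the alias; a relying party that pins the DeviceID must plan for L0 updates. And the verifier here needs the identity seed because an HMAC tag replaces a signature; with a real asymmetric DeviceID key the relying party verifies the Alias certificate with the DeviceID public key alone.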