US 12,413,426 B2
Providing a proof of origin for a digital key pair
Hendrik Brockhaus, Unterbiberg (DE); and Jens-Uwe Busser, Neubiberg (DE)
Assigned to SIEMENS AKTIENGESELLSCHAFT, Munich (DE)
Appl. No. 17/429,544
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Feb. 7, 2020, PCT No. PCT/EP2020/053131
§ 371(c)(1), (2) Date Aug. 9, 2021,
PCT Pub. No. WO2020/165041, PCT Pub. Date Aug. 20, 2020.
Claims priority of application No. 19156685 (EP), filed on Feb. 12, 2019.
Prior Publication US 2022/0158852 A1, May 19, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/3268 (2013.01) [H04L 9/0825 (2013.01)]
10 Claims
1. A method for restricting access to a device using a digital key pair, the method comprising:
generating the digital key pair at an origin comprising a security module of the device;
wherein the digital key pair includes a public key and a private key;
wherein the private key is stored in the security module and protected against access;
wherein the security module comprises at least one of: a cryptographic processor, a hardware security module, and/or a trusted platform module;
providing a proof of origin confirming generation of the digital key pair at the origin, wherein the proof of origin is protected by a secret key stored in the security module;
wherein the secret key comprises a group key issued by a central authority, wherein the group key is valid for a group of devices including at least one of: all security modules or security chips manufactured for devices of a single customer, all security modules or security chips of a single production batch, all devices of a model range, or all devices of a single production batch; and
issuing the public key together with the proof of origin;
wherein the public key and the proof of origin are both required for creation of an authentication certificate.
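
The flow of claim 1, sketched as an added example that is not taken from the patent: a security module returns a public key together with a proof of origin, and the issuing side creates a certificate only when that proof verifies under the group key. Assumptions: HMAC-SHA-256 as the mechanism protecting the proof, an issuer that holds the group keys, a stand-in for the real asymmetric key generation, and all names (`SecurityModule`, `create_certificate`, `GROUP_KEYS`, the batch identifiers), which are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample group keys, one per device group (here: production batches).
# Assumption: the central authority makes each group key available to the issuer.
GROUP_KEYS = {"batch-0001": os.urandom(32), "batch-0002": os.urandom(32)}


class SecurityModule:
    """Stand-in for an HSM/TPM: the private key and group key never leave it."""

    def __init__(self, group_id, group_key):
        self._group_id = group_id
        self._group_key = group_key
        self._private_key = None

    def generate_key_pair(self):
        # Stand-in for real asymmetric key generation inside the module;
        # only the public part and the proof are handed to the caller.
        self._private_key = os.urandom(32)
        public_key = hashlib.sha256(b"pub" + self._private_key).digest()
        return self._group_id, public_key, self._prove_origin(public_key)

    def _prove_origin(self, public_key):
        # Proof of origin: MAC over group id and public key under the group key.
        msg = self._group_id.encode() + b"\x00" + public_key
        return hmac.new(self._group_key, msg, hashlib.sha256).digest()


def create_certificate(group_id, public_key, proof):
    """Issuer side: refuse to certify unless the proof of origin verifies."""
    key = GROUP_KEYS.get(group_id)
    if key is None or not proof:
        return None  # unknown group, or public key submitted without a proof
    msg = group_id.encode() + b"\x00" + public_key
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, proof):
        return None  # proof does not bind this public key to this group
    # Hypothetical certificate record; a real issuer would sign an X.509 certificate.
    return {"subject_group": group_id, "public_key": public_key.hex()}
```

Because the key is shared across the group, a valid proof shows that the key pair came from some security module in that group, not from one specific device.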