US 12,452,036 B2
Method for configuring a security module with at least one derived key
Rainer Falk, Poing (DE); Christian Peter Feist, Munich (DE); and Johannes Zwanzger, Neubiberg (DE)
Assigned to Siemens Aktiengesellschaft, Munich (DE)
Appl. No. 17/599,780
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Mar. 16, 2020, PCT No. PCT/EP2020/057077
§ 371(c)(1), (2) Date Sep. 29, 2021,
PCT Pub. No. WO2020/200729, PCT Pub. Date Oct. 8, 2020.
Claims priority of application No. 19167509 (EP), filed on Apr. 5, 2019.
Prior Publication US 2022/0150056 A1, May 12, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/06 (2006.01)
CPC H04L 9/0825 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0866 (2013.01); H04L 9/0877 (2013.01)] 13 Claims
OG exemplary drawing
 
1. A method for configuring a security module, comprising the following steps:
providing a key;
deriving a further key from the provided key or from a key derived beforehand from the provided key;
configuring the security module with the derived further key;
performing a fingerprint measurement process in a runtime environment, wherein the fingerprint measurement process is isolated from other processes by a hypervisor;
wherein a changeable digital fingerprint determined dynamically at runtime is incorporated into the derivation as key derivation parameter, this fingerprint being formed on the basis of a measured current runtime configuration of the runtime environment communicating with the security module;
wherein the method further comprises providing a measurement policy, wherein the measurement policy indicates a part of the runtime environment to be measured to form the fingerprint; and
wherein the measurement policy includes: file systems and properties, and/or meta information of a file system.