Browse Prior Art Database

Method For Testing Hardware and Firmware Operations on A Hardware Security Module

IP.com Disclosure Number: IPCOM000234984D
Publication Date: 2014-Feb-21
Document File: 4 page(s) / 401K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for testing hardware and firmware operations that features a lightweight test application (TAPP) server (TAS) for one or more processors on the hardware security module (HSM).

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Page 01 of 4

Method For Testing Hardware and Firmware Operations on A Hardware Security Module

When producing a specialized hardware security module (HSM), thorough testing of the hardware (and the firmware that runs on it) is required during the manufacturing process. One existing method for accomplishing this is to trigger firmware test applications (TAPPs) that are included in a debug build as part of the firmware deposited on the HSM. The primary limitations of this technique are (1) the high amount of memory/FLASH consumed on the HSM and (2) it requires a new build and load onto the processor for each new TAPP.

Another method uses Universal Bootloader (U-Boot). U-Boot is a combination of that run-time operating system (OS) and a suite of TAPPs. It can be dynamically configured

with TAPPs on a host machine and loaded via a serial, Ethernet, or Universal Serial Bus (USB) connection. This technique has multiple limitations. It consumes a high amount of memory/FLASH on the HSM. The U-Boot assumes a virgin Central Processing Unit (CPU) state. The U-Boot supports input/output (I/O) arguments for its TAPPs via stdin/stdout on the host machine. Additionally, the U-Boot and the TAPPs that it loads are not encrypted (i.e. are in the clear).

The novel contribution is a method that features a lightweight TAPP server (TAS) for one or more processors on the HSM. The encrypted TAS is loaded onto the card dynamically, and the TAS does not assume a virgin CPU state; rather, it uses the...