US 12,169,588 B2
Securing external data storage for a secure element integrated on a system-on-chip
Olivier Jean Benoit, San Diego, CA (US); and Osman Koyuncu, San Diego, CA (US)
Assigned to Google LLC, Mountain View, CA (US)
Appl. No. 17/439,368
Filed by Google LLC, Mountain View, CA (US)
PCT Filed Aug. 29, 2019, PCT No. PCT/US2019/048837
§ 371(c)(1), (2) Date Sep. 14, 2021,
PCT Pub. No. WO2021/040721, PCT Pub. Date Mar. 4, 2021.
Prior Publication US 2022/0156411 A1, May 19, 2022
Int. Cl. G06F 21/79 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/79 (2013.01) [G06F 21/6209 (2013.01)]
20 Claims
1. A method for securing sensitive information in a flash memory of a computing system, the method comprising:
communicating, by an integrated secure element (ISE) of a system-on-chip of the computing system and over a dedicated channel between the ISE and a secure flash memory external to the system-on-chip, information for determining a shared secret key useful to enable secure communication between the ISE of the system-on-chip and the secure flash memory over the dedicated channel, the information based on a first public key and private key pair preprogrammed into the ISE and a second public key and private key pair preprogrammed into the secure flash memory;
securing, based on the shared secret key, the dedicated channel between the ISE of the system-on-chip and the secure flash memory external to the system-on-chip to establish a secure dedicated channel to provide the ISE with exclusive access to a flash cryptographic key stored by the secure flash memory external to the system-on-chip;
accessing, via the secure dedicated channel, the flash cryptographic key stored by the secure flash memory external to the system-on-chip; and
cryptographically protecting, using the flash cryptographic key obtained from the secure flash memory, sensitive information written to the flash memory of the computing system via an interface between the system-on-chip and the flash memory that is separate from the dedicated channel between the ISE and the secure flash memory, the flash memory external to the system-on-chip.
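
The four steps of claim 1, sketched as an added example that is not part of the patent text or any Google implementation. The claim names no algorithms, so the X25519 static key agreement, the SHA-256 key derivation, the HMAC-based encrypt-then-MAC construction and all function names are assumptions chosen so the sketch runs on the Python standard library alone.

```python
# Added illustration: algorithms and names are assumptions, not taken from the patent.
import hashlib, hmac, os
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (not constant-time; illustration only)."""
    s = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    x2, z2 = (x3, z3) if swap else (x2, z2)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-SHA256 keystream (stand-in for a real AEAD)."""
    nonce = os.urandom(16)
    ct = bytes(m ^ s for m, s in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

def provision_and_protect(data: bytes):
    ise_priv, sf_priv = os.urandom(32), os.urandom(32)   # stand-ins for preprogrammed keys
    ise_pub, sf_pub = x25519(ise_priv, BASE), x25519(sf_priv, BASE)
    flash_key = os.urandom(32)                           # held by the secure flash
    # Step 1: only public keys cross the dedicated channel; each side derives the secret.
    k_ise = hashlib.sha256(b"chan" + x25519(ise_priv, sf_pub)).digest()
    k_sf = hashlib.sha256(b"chan" + x25519(sf_priv, ise_pub)).digest()
    # Steps 2-3: the flash key travels to the ISE only under the channel key.
    key_at_ise = unseal(k_ise, seal(k_sf, flash_key))
    # Step 4: data leaves the SoC over the separate flash interface, already protected.
    return k_ise == k_sf, flash_key, key_at_ise, seal(key_at_ise, data)
```
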