Patent attributes
A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data. The processor is configured to: receive an encrypted common protection key, encrypted using a manufacturing protection key, and an encrypted distribution private key, encrypted using a common protection key; obtain the manufacturing protection key using the preconfigured trust anchor data and the preconfigured non-exportable data; decrypt the encrypted common protection key using the manufacturing protection key to obtain the common protection key; decrypt the encrypted distribution private key using the common protection key to obtain a distribution private key; receive an encrypted data package including image-at-rest data encrypted with an image-at-rest key, the encrypted data package including encryption data for obtaining the image-at-rest key using the distribution private key; and install the encrypted data package at the memory.
