Authentication Using Public Keys and Session Keys

1. A method of authenticating data, comprising: storing a plurality of combinations of representations of public keys and session key IDs in a non-volatile memory; storing a plurality of key states in association with the plurality of combinations of representations of public keys and session key IDs, respectively, wherein each key state indicates whether or not the associated combination is valid; inputting a payload and accompanying public key, session key ID, and signature of the payload, wherein the signature is a function of the payload and a private key of a key pair that includes the accompanying public key and the private key; determining with a processor whether or not the payload is authentic, from the accompanying public key and session key ID and the combinations stored in the non-volatile memory, and from the signature and the payload, wherein the determining includes: determining whether or not one of the plurality of combinations has a representation of a public key that matches the accompanying public key and whether or not the combination is valid from the key state associated with the combination, and in response to determining that the one of the combinations has the representation of a public key that matches the accompanying public key and is not valid, designating the payload to be not authentic; in response to determining that the payload is authentic, processing the payload; and in response to determining that the payload is not authentic, disabling processing of the payload.

2. The method of claim 1 , further comprising: wherein the storing of the plurality of combinations of representations of public keys and session key IDs includes storing the representation of each session key ID in a plurality of e-fuses; establishing a new session key by disabling current flow through one of the plurality of e-fuses of the representations of the session key ID of one of the plurality of combinations.

3. The method of claim 1 , wherein the storing of the plurality of key states in association with the plurality of combinations of representations of public keys and session key IDs includes storing each key state in one or more e-fuses.

4. The method of claim 1 , further comprising: wherein the storing of the plurality of combinations of representations of public keys and session key IDs includes storing the representation of each session key ID in a plurality of e-fuses; establishing a new session key by disabling current flow through one of the plurality of e-fuses of the representation of the session key ID of one of the plurality of combinations.

5. The method of claim 1 , wherein: the representation of each public key of the plurality of combinations of representations of public keys and session key IDs is a hash value of a public key; the determining whether or not the payload is authentic from the accompanying public key and session key ID and the combinations stored in the non-volatile memory includes: computing a hash value of the accompanying public key; determining whether or not the hash value of the accompanying public key matches the representation of a public key of one of the plurality of combinations; and designating the payload to be not authentic in response to determining that the hash value of the accompanying public key does not match the representation of a public key of the plurality of combinations.

6. The method of claim 5 , wherein the determining whether or not the payload is authentic from the accompanying public key and session key ID and the combinations stored in the non-volatile memory includes: for one of the plurality of combinations of representations of public keys and session key IDs that has the representation of the public key that matches the hash value of the accompanying public key, determining whether or not an accompanying session key ID number matches the representation of the session key ID number of the one combination; in response to determining that the accompanying session key ID number matches the representation of the session key ID number of the one combination, designating the payload to be authentic; and in response to determining that the accompanying session key ID number does not match the representation of the session key ID number of the one combination, designating the payload to be not authentic.

7. The method of claim 2 , wherein the storing of the plurality of combinations of representations of public keys and session key IDs includes storing the representation of each public key in a plurality of e-fuses.

8. The method of claim 1 , wherein: each combination of the plurality of combinations of representations of public keys and session key IDs in the non-volatile memory is a hash value of a public key and a session key ID; the determining whether or not the payload is authentic from the accompanying public key and session key ID and the combinations stored in the non-volatile memory includes: computing a first hash value of the accompanying public key and session key ID; determining whether or not the first hash value matches any of the hash values in the non-volatile memory; and designating the payload to be not authentic in response to determining that the first hash value does not match any of the hash values in the non-volatile memory.

9. An authentication system, comprising: non-volatile memory configurable for storage of a plurality of combinations of representations of public keys and session key IDs and storage for a plurality of key states in association with the plurality of combinations of representations of public keys and session key IDs, respectively, wherein each key state indicates whether or not the associated combination is valid; a processor coupled to the non-volatile storage, the processor configured to: input a payload and accompanying public key, session key ID, and signature of the payload, wherein the signature is a function of the payload and a private key of a key pair that includes the accompanying public key and the private key; determine whether or not one of the combinations has a representation of a public key that matches the accompanying public key and whether or not the combination is valid from the key state associated with the combination; in response to determining that the one of the combinations has the representation of a public key that matches the accompanying public key and is not valid, designate the payload to be not authentic; determine whether or not the payload is authentic, from the accompanying public key and session key ID and the combinations stored in the non-volatile memory, and from the signature and the payload; responsive to determining that the payload is authentic, process the payload; and responsive to determining that the payload is not authentic, disable processing of the payload.

10. The system of claim 9 , wherein: the non-volatile memory includes a plurality of e-fuses for storage of the combinations of representations of public keys and session key IDs; and the processor is further configured to establish a new session key by disabling current flow through one of the plurality of e-fuses of the representations of the session key ID of one of the plurality of combinations.

11. The system of claim 9 , wherein the non-volatile memory includes a plurality of e-fuses for storage of the plurality of key states.

12. The system of claim 11 , wherein: the non-volatile memory includes a plurality of e-fuses for storage of the representations of the session key IDs; and the processor is further configured to establish a new session key by disabling current flow through one of the plurality of e-fuses of the representation of the session key ID of one of the plurality of combinations.

13. The system of claim 9 , wherein: the representation of each public key of the plurality of combinations of representations of public keys and session key IDs is a hash value of a public key; the processor, in determining whether or not the payload is authentic from the accompanying public key and session key ID and the combinations stored in the non-volatile memory, is configured to: compute a hash value of the accompanying public key; determine whether or not the hash value of the accompanying public key matches the representation of a public key of one of the plurality of combinations; and designate the payload to be not authentic in response to determining that the hash value of the accompanying public key does not match the representation of a public key of the plurality of combinations.

14. The system of claim 13 , wherein the processor, in determining whether or not the payload is authentic from the accompanying public key and session key ID and the combinations stored in the non-volatile memory, is configured to: for one of the plurality of combinations of representations of public keys and session key IDs that has the representation of the public key that matches the hash value of the accompanying public key, determine whether or not an accompanying session key ID number matches the representation of the session key ID number of the one combination; in response to determining that the accompanying session key ID number matches the representation of the session key ID number of the one combination, designate the payload to be authentic; and in response to determining that the accompanying session key ID number does not match the representation of the session key ID number of the one combination, designate the payload to be not authentic.

15. The system of claim 9 , wherein: each combination of the plurality of combinations of representations of public keys and session key IDs in the non-volatile memory is a hash value of a public key and a session key ID; the processor, in determining whether or not the payload is authentic from the accompanying public key and session key ID and the combinations stored in the non-volatile memory, is configured to: compute a first hash value of the accompanying public key and session key ID; determine whether or not the first hash value matches any of the hash values in the non-volatile memory; and designate the payload to be not authentic in response to determining that the first hash value does not match any of the hash values in the non-volatile memory.