Method and system for remotely keyed encrypting/decrypting data with prior checking a token

US 10,057,054 B2
Filed: 03/09/2015
Issued: 08/21/2018
Est. Priority Date: 03/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting a message, comprising the steps of:

receiving, by a host device, which is a microcontroller unit (MCU), the message to be encrypted;

after receiving the message to be encrypted, requesting, by the host device, a message key from a secure device, which is a secure element (SE) type of microcontroller;

generating, by the secure device, the message key using a secret key stored in the secure device and which is not communicated to the host device;

transmitting, by the secure device, the message key to the host device; and

after receiving the message key, encrypting, by the host device, the message to be encrypted using the message key;

wherein the method includes the prior steps of;

requesting, by the host device, a token from the secure device,generating the token by the secure device, and transmitting the token to the host device,wherein the step of requesting, by the host device, the message key comprises transmitting the token,wherein generating the token comprises encrypting a random number by means of the secret key,wherein the step of generating, by the secure device, the message key is preceded by a step of checking legitimacy of the token, andwherein the host device and the secure device are integrated with an embedded system that is a serial port device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for encrypting a message by a host device includes requesting, by the host device, a message key from a secure device and generating, by the secure device, the message key using a secret key stored in the secure device and which is not communicated to the host device. The method further includes the prior steps of requesting, by the host device, a token from the secure device and generating the token by the secure device, and transmitting the token to the host device. The requesting, by the host device, of the message key includes transmitting the token. The generating, by the secure device, of the message key is preceded by checking the legitimacy of the token.

Citations

16 Claims

1. A method for encrypting a message, comprising the steps of:
- receiving, by a host device, which is a microcontroller unit (MCU), the message to be encrypted;
  
  after receiving the message to be encrypted, requesting, by the host device, a message key from a secure device, which is a secure element (SE) type of microcontroller;
  
  generating, by the secure device, the message key using a secret key stored in the secure device and which is not communicated to the host device;
  
  transmitting, by the secure device, the message key to the host device; and
  
  after receiving the message key, encrypting, by the host device, the message to be encrypted using the message key;
  
  wherein the method includes the prior steps of;
  
  requesting, by the host device, a token from the secure device,generating the token by the secure device, and transmitting the token to the host device,wherein the step of requesting, by the host device, the message key comprises transmitting the token,wherein generating the token comprises encrypting a random number by means of the secret key,wherein the step of generating, by the secure device, the message key is preceded by a step of checking legitimacy of the token, andwherein the host device and the secure device are integrated with an embedded system that is a serial port device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 15, 16)
- - 2. The method according to claim 1, wherein the random number is concatenated with a unique identifier of the secure device, and wherein generating the token comprises encrypting the concatenation of the random number with the unique identifier.
  - 3. The method according to claim 2, wherein the step of checking the legitimacy of the token comprises decrypting the concatenation of the random number with the unique identifier by means of the secret key and comparing the unique identifier of the secure device to a result of the decryption of the concatenation of the random number with the unique identifier.
  - 4. The method according to claim 3, further comprising, between the step of checking the legitimacy of the token and the step of generating the message key, a step of retrieving the random number from the result of decryption of the concatenation of the random number with the unique identifier.
  - 5. The method according to claim 1, wherein the random number is transmitted to the host device with the token, the step of requesting, by the host device, the message key comprises transmitting the token and the random number, and the step of checking the legitimacy of the token comprises decrypting the random number and comparing the random number transmitted to a result of the decryption of the random number.
  - 6. The method according to claim 1, wherein the message key is generated by hashing the random number by means of the secret key.
  - 7. The method according to claim 6, further comprising encrypting the message key by means of the secret key, and wherein the step of transmitting, by the secure device, the message key to the host device comprises transmitting the encrypted message key.
  - 8. The method according to claim 7, further comprising decrypting, by the host device, the encrypted message key.
  - 9. The method according to claim 1, wherein the secret key is a private key of an asymmetrical encryption algorithm.
  - 10. The method according to claim 9, wherein the random number is transmitted to the host device with the token, the step of requesting, by the host device, a message key comprises transmitting the token and the random number, and the step of checking the legitimacy of the token comprises decrypting the random number by means of a public key of the asymmetrical encryption algorithm and comparing the random number transmitted to a result of the decryption of the random number.
  - 11. The method according to claim 9, wherein the message key is generated by hashing the random number by means of the secret key, and further comprising encrypting the message key by means of the secret key and decrypting, by the host device, the encrypted message key by means of a public key of the asymmetrical encryption algorithm.
  - 15. The method according to claim 1, wherein the embedded system comprises a flash memory.
  - 16. The method according to claim 1, wherein the embedded system serial port device is a universal serial bus (USB) device.

12. A method for decrypting a message, comprising the steps of:
- receiving, by a host device, which is a microcontroller unit (MCU), the message to be decrypted;
  
  after receiving the message to be decrypted, requesting, by the host device, a message key from a secure device, which is a secure element (SE) type of microcontroller;
  
  generating by the secure device the message key using a secret key stored in the secure device and which is not communicated to the host device;
  
  transmitting, by the secure device, the message key to the host device; and
  
  after receiving the message key, decrypting, by the host device, the message to be decrypted using the message key;
  
  wherein the message to be decrypted is accompanied by a token generated by encrypting a random number by means of the secret key, and in that the step of generating, by the secure device, the message key is preceded by a step of checking legitimacy of the token, andwherein the host device and the secure device are integrated with an embedded system that is a serial port device.

13. An embedded system that is a serial port device for encrypting a message by a host device using a message key comprising:
- a host device, which is a microcontroller unit (MCU); and
  
  a secure device, which is a secure element (SE) type of microcontroller,wherein the host device is configured to receive the message to be encrypted and to request, after receiving the message to be encrypted, a message key from the secure device,the secure device is configured to generate the message key using a secret key stored in the secure device and which is not communicated to the host device and transmit the message key to the host device,the host device is configured to, after receiving the message key, encrypt the message to be encrypted using the message key,the host device is configured to request a token from the secure device,the secure device is configured to generate the token and transmit the token to the host device,the host device is configured to request the message key by transmitting the token,the secure device is configured to generate the token by encrypting a random number by means of the secret key, andthe secure device is configured to check legitimacy of the token before generating the message key.

14. An embedded system that is a serial port device for decrypting a message using a message key comprising:
- a host device, which is a microcontroller unit (MCU); and
  
  a secure device, which is a secure element (SE) type of microcontroller,wherein the host device is configured to receive a message to be decrypted, the message to be decrypted being accompanied by a token generated by encrypting a random number by means of a secret key,the host device is configured to request, after receiving the message to be decrypted, a message key from the secure device,the secure device is configured to generate the message key using the secret key stored in the secure device and which is not communicated to the host device, and to transmit the message key to the host device,the host device is configured to, after receiving the message key, decrypt the message to be decrypted using the message key;
  
  wherein the secure device is configured to check legitimacy of the token before generating the message key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Commissariat a L'Energie Atomique (French Alternative Energies and Atomic Energy Commission)
Original Assignee
Commissariat a L'Energie Atomique (French Alternative Energies and Atomic Energy Commission)
Inventors
Pebay-Peyroula, Florian
Primary Examiner(s)
Powers, William S
Assistant Examiner(s)
Tran, Tongoc

Application Number

US14/642,081
Publication Number

US 20160359620A1
Time in Patent Office

1,261 Days
Field of Search

380278
US Class Current
CPC Class Codes

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/0869   involving random numbers or...

H04L 9/0877   using additional device, e....

H04L 9/3213   using tickets or tokens, e....

Method and system for remotely keyed encrypting/decrypting data with prior checking a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for remotely keyed encrypting/decrypting data with prior checking a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links