System and method for securely copying a cryptographic key

US 20020144117A1
Filed: 03/30/2001
Published: 10/03/2002
Est. Priority Date: 03/30/2001
Status: Active Grant

First Claim

Patent Images

1. A method of securely copying a cryptographic key from one smart device to another smart device, comprising:

mutually authenticating a smart source device and a host with respect to each other;

mutually authenticating a smart destination device and the host with respect to each other;

authenticating the destination device through the host by the source device; and

sending a cryptographic key stored in the source device to the destination device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided in which a cryptographic key stored in a secure token such as a smart card can be copied to another smart card with high security and assurance with no intermediary being able to see what is being transferred. According to the invention, a host assisting in the transfer and a source smart card mutually authenticate themselves with each other. The host and a destination smart card also mutually authenticate themselves with each other. Then, the source card authenticates the destination card to ensure that the destination card is permitted to receive the cryptographic key of the source card. The source card then sends the cryptographic key to the destination card in a secure manner.

88 Citations

View as Search Results

18 Claims

1. A method of securely copying a cryptographic key from one smart device to another smart device, comprising:
- mutually authenticating a smart source device and a host with respect to each other;
  
  mutually authenticating a smart destination device and the host with respect to each other;
  
  authenticating the destination device through the host by the source device; and
  
  sending a cryptographic key stored in the source device to the destination device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 18)
- - 2. The method according to claim 1, prior to the step of sending a cryptographic key, further comprising mutually authenticating the smart source device and a notary with respect to each other.
  - 3. The method according to claim 1 wherein the step of mutually authenticating a smart source device and a host comprises:
    - sending to the host a challenge signed with the private key of the source device;
      
      verifying the signature of the challenge by the host;
      
      sending to the source device a response signed with the private key of the host; and
      
      verifying the signature of the response by the source device.
  - 4. The method according to claim 1 wherein the step of mutually authenticating a smart source device and a host comprises:
    - sending, to the host, a challenge encrypted with the public key of the host and signed with the private key of the source device;
      
      verifying the signature of the challenge by the host;
      
      decrypting the challenge with the private key of the host;
      
      sending, to the source device, a response encrypted with the public key of the source device and signed with the private key of the host;
      
      verifying the signature of the response by the source device; and
      
      decrypting the response with the private key of the source device.
  - 5. The method according to claim 4 wherein:
    - the step of sending, to the host, a challenge includes;
      
      generating a random number by the source device;
      
      encrypting the random number with the public key of the host; and
      
      signing the random number with the private key of the source device; and
      
      the step of sending, to the source device, a response includes;
      
      encrypting the random number with the public key of the source device; and
      
      signing the random number with the private key of the host.
  - 6. The method according to claim 1 wherein the step of authenticating the destination device includes:
    - sending to the destination device a challenge signed with a private key of the source device;
      
      verifying the signature of the challenge by the destination device;
      
      sending to the source device a response signed with the private key of the destination device; and
      
      verifying the signature of the response by the source device.
  - 7. The method according to claim 1 wherein:
    - the step of mutually authenticating a smart source device and a host includes;
      
      sending to the host a challenge signed with the private key of the source device;
      
      verifying the signature of the challenge by the host;
      
      sending to the source device a response signed with the private key of the host; and
      
      verifying the signature of the response by the source device; and
      
      the step of authenticating the destination device includes;
      
      sending to the destination device a challenge signed with a private key of the source device;
      
      verifying the signature of the challenge by the destination device;
      
      sending to the source device a response signed with the private key of the destination device; and
      
      verifying the signature of the response by the source device.
  - 8. The method according to claim 1 wherein the step of authenticating the destination device includes:
    - sending to the destination device a challenge encrypted with a symmetric key and signed with a private key of the source device, the symmetric key being common to the source and destination devices;
      
      decrypting the challenge with the symmetric key by the destination device;
      
      verifying the signature of the challenge by the destination device;
      
      sending to the source device a response encrypted with the public key of the source device and signed with the private key of the destination device;
      
      verifying the signature of the response by the source device; and
      
      decrypting the response with the private key of the source device.
  - 9. The method according to claim 8 wherein the step of sending to the source device a response includes:
    - encrypting the decrypted challenge with the public key of the source device;
      
      encrypting the decrypted challenge with the symmetric key; and
      
      signing the decrypted challenge with the private key of the destination device.
  - 10. The method according to claim 8 wherein the step of sending to the destination device a challenge includes:
    - sending the challenge to the host;
      
      signing the challenge with the private key of the host; and
      
      sending the signed challenge to the destination device.
  - 11. The method according to claim 8 wherein the step of sending to the destination device a challenge includes:
    - generating a random number;
      
      encrypting the random number with the public key of the destination device;
      
      encrypting the random number with the symmetric key; and
      
      signing the random number with the private key of the source device.
  - 13. The method according to claim 12 wherein the step of mutually authenticating a smart source token and a host comprises:
    - sending to the host a challenge signed with the private key of the source token;
      
      verifying the signature of the challenge by the host;
      
      sending to the source token a response signed with the private key of the host; and
      
      verifying the signature of the response by the source token.
  - 14. The method according to claim 12 wherein the step of mutually authenticating a smart source token and a host comprises:
    - sending, to the host, a challenge encrypted with the public key of the host and signed with the private key of the source token;
      
      verifying the signature of the challenge by the host;
      
      decrypting the challenge with the private key of the host;
      
      sending, to the source token, a response encrypted with the public key of the source token and signed with the private key of the host;
      
      verifying the signature of the response by the source token; and
      
      decrypting the response with the private key of the source token.
  - 15. The method according to claim 12 wherein the step of authenticating the destination token includes:
    - sending to the destination token a challenge encrypted with the symmetric key and signed with a private key of the source token;
      
      decrypting the challenge with the symmetric key by the destination token;
      
      verifying the signature of the challenge by the destination token;
      
      sending to the source token a response encrypted with the public key of the source token and signed with the private key of the destination token;
      
      verifying the signature of the response by the source token; and
      
      decrypting the response with the private key of the source token.
  - 16. The method according to claim 12 wherein the step of sending a cryptographic key includes:
    - encrypting the cryptographic key with the symmetric key;
      
      encrypting the cryptographic key with the public key of the destination token; and
      
      signing the cryptographic key with the private key of the source token.
  - 18. The system according to claim 17, further comprising a notary connected to the host and is operable to mutually authenticate the source device and the notary with respect to each other.

12. A method of securely copying a cryptographic key from one secure token to another secure token, the cryptographic key being self-generated by the one secure token, comprising:
- mutually authenticating a secure source token and a host with respect to each other;
  
  mutually authenticating a secure destination token and the host with respect to each other;
  
  authenticating the destination token through the host by the source token using a symmetric key that is common to and stored in the source and destination tokens; and
  
  sending a cryptographic key stored in the source token to the destination token.

17. A system for securely copying a cryptographic key from one smart device to another smart device, comprising:
- a host having host software stored therein;
  
  a smart source device connected to and operable to communicate with the host, the source device storing source software;
  
  a smart destination device connected to and operable to communicate with the host, the destination device storing destination software; and
  
  wherein the host software, source software and destination software interact with each other to;
  
  mutually authenticate the source device and the host with respect to each other;
  
  mutually authenticate the destination device and the host with respect to each other;
  
  authenticate the destination device by the source device; and
  
  send a cryptographic key stored in the source device to the destination device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Financial Corporation
Inventors
Faigle, Christopher T.

Granted Patent

US 7,178,027 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/3674   involving authentication

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

System and method for securely copying a cryptographic key

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely copying a cryptographic key

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links