Method and system for generating and verifying a key protection certificate
First Claim
Patent Images
1. A data processing system for generating a key protection certificate comprising;
- a PSD further comprising a unique device name, cryptography means, data processing means, data storage means and communications means;
wherein said cryptography means includes an asymmetric key pair generating algorithm, a first securely shared secret key, a second securely shared secret key, symmetric cryptography means, a concatenation algorithm, a message authentication code algorithm, cryptographic seed information, a key protection certificate algorithm and a signing algorithm.
1 Assignment
0 Petitions
Accused Products
Abstract
A data processing method and system for generating and verifying a key protection certificate.
The data processing system comprises a PSD including a unique device name, cryptography means, data processing means, data storage means and communications means.
The cryptography means includes an asymmetric key pair generating algorithm, a first securely shared secret key, a second securely shared secret key, symmetric cryptography means, a concatenation algorithm, a message authentication code algorithm, cryptographic seed information, a key protection certificate algorithm and a signing algorithm.
-
Citations
29 Claims
-
1. A data processing system for generating a key protection certificate comprising;
-
a PSD further comprising a unique device name, cryptography means, data processing means, data storage means and communications means;
wherein said cryptography means includes an asymmetric key pair generating algorithm, a first securely shared secret key, a second securely shared secret key, symmetric cryptography means, a concatenation algorithm, a message authentication code algorithm, cryptographic seed information, a key protection certificate algorithm and a signing algorithm. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 29)
-
-
13. A data processing system for validating a key protection certificate comprising;
data processing means, data storage means, communications means, cryptography means, a first securely shared secret symmetric key, a second securely shared secret symmetric key and a public key, wherein the cryptography means includes a message authentication code algorithm, cross referencing means and a comparator algorithm.
-
26. A method for generating a key protection certificate comprising:
-
injecting a first securely shared secret symmetric key, a second securely shared secret symmetric key, a key protection algorithm and cryptographic seed information into a PSD, wherein at least a portion of said seed information is used in generating at least one public key and one private key, storing said injected symmetric keys and said seed information in a secure domain within said PSD, sending a command to said PSD for generating said at least one public key and one private key, wherein said command initiates generation of said keys and of said key protection certificate, generating said at least one public key and said one private key using at least a portion of said seed information, generating contextual attributes specific to at least the generation of said private key, encrypting at least a portion of said contextual attributes using said first shared secret key, forming private contextual attributes and public contextual attributes, wherein predetermined parameters are included in said private contextual attributes, storing said public key and said private key in said secure domain, generating a digital signature of a unique device name using said private key, concatenating said device name, private contextual attributes, public contextual attributes with said digital signature and generating a first intermediate result, generating a message authentication code of said first intermediate result using said second shared secret key producing a second intermediate result, concatenating said first intermediate result with said second intermediate result producing said key protection certificate; and
storing said key protection certificate in said secure domain.
-
-
27. A method for validating a key protection certificate comprising:
-
receiving said key protection certificate and a public key, wherein said certificate contains at least a plain text device name portion, a signed device name portion and cryptogram portion, cross-referencing said device name with proper shared secret keys, public key, cryptographic algorithms and reference parameters associated with said key protection certificate, verifying said signed device name portion of said certificate using said public key, comparing the resulting device name with said device name portion included in said certificate, independently performing a message authentication code function on said concatenated private contextual attributes, public contextual attributes, device name, and signed device name portions of said certificate using a first of said shared secret keys, comparing the resulting message authentication code with a method authentication code included in said certificate, decrypting said private contextual attributes using a second of said shared secret keys, comparing at least a portion of the private contextual attributes to the reference parameters, validating said certificate if said resulting device name matches said device name contained in said certificate, said independently generated message authentication code matches said message authentication code contained in said certificate and at least a portion of said private contextual attributes matches said reference parameter, rejecting said certificate if any of said matches is not achieved.
-
Specification