System and method for generating symmetric keys within a personal security device having minimal trust relationships
First Claim
1. A data processing system for generating a unique symmetric cryptographic key using data stored inside a PSD from a plurality of separate sources, said system comprising:
a PSD including a non-mutable unique serial number, an operating system, data processing means, data storage means, communications means and cryptography means;
a PSD manufacturer including data processing means, communications means and cryptography means, wherein said PSD manufacturer operatively and securely installs a composite key generating algorithm and a first symmetric key inside said PSD, causing a first composite key to be generated and securely stored inside said PSD using said first symmetric key and said serial number as inputs into said composite key generating algorithm;
at least one secure transfer arrangement, wherein said PSD manufacturer sends said PSD and a copy of said first symmetric key and said PSD serial number to a PSD issuer and another copy of said first symmetric key and said serial number to a trusted third party;
said PSD issuer including data processing means, communications means and cryptography means, wherein said PSD issuer operatively and securely installs a second symmetric key inside said PSD using said first symmetric key to gain access to said PSD, causing a second composite key to be generated and securely stored inside said PSD using said first composite key and said second symmetric key as inputs into said composite key generating algorithm;
said at least one secure transfer arrangement, wherein said PSD issuer sends a copy of said second symmetric key and said serial number to said trusted third party;
said trusted third party in secure receipt of said first symmetric key and said serial number, wherein said trusted third party using an equivalent composite key generating algorithm to said PSD key generating algorithm generates said first duplicate composite key using said first symmetric key and said serial number as inputs into said equivalent composite key generating algorithm; and
said trusted third party in secure receipt of said second symmetric key and said serial number, wherein said trusted third party using said equivalent composite key generating algorithm generates said second duplicate composite key using said first duplicate composite key and said second symmetric key as inputs into said equivalent composite key generating algorithm.
Abstract
A data processing method and system for generating a unique symmetric key inside a PSD having limited trust relationships between the PSD manufacturer, PSD issuer, subsequent service providers and a trusted third party.
32 Claims
17. A method of generating a unique symmetric cryptographic key using data stored inside an operable PSD including a unique serial number, from a plurality of separate sources, said method comprising:
securely installing a composite key generating algorithm inside said PSD, wherein said composite key generating algorithm is known to a trusted third party,
securely installing a first symmetric key inside said PSD by a PSD manufacturer,
generating a first composite key by executing said composite key generating algorithm using said unique serial number and said first symmetric key as inputs into said composite key generating algorithm,
securely storing said first composite key inside said PSD,
sending a copy of said first symmetric key, said unique serial number and said PSD to a PSD issuer using at least one secure transfer arrangement,
sending a copy of said first symmetric key and said unique serial number to said trusted third party using said at least one secure transfer arrangement,
accessing said PSD using said first symmetric key by said PSD issuer,
securely installing a second symmetric key by said PSD issuer,
generating a second composite key by executing said composite key generating algorithm using said first composite key and said second symmetric key as inputs into said composite key generating algorithm,
securely storing said second composite key inside said PSD,
sending a copy of said second symmetric key and said unique serial number to said trusted third party using said at least one secure transfer arrangement,
securely receiving said first symmetric key and said unique serial number by said trusted third party,
generating a first duplicate composite key by said trusted third party using an equivalent composite key generating algorithm, said first symmetric key and said unique serial number as inputs into said equivalent composite key generating algorithm,
securely receiving said second symmetric key and said unique serial number by said trusted third party,
generating a second duplicate composite key by said trusted third party using said equivalent composite key generating algorithm and said second symmetric key as inputs into said equivalent composite key generating algorithm.
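The provisioning chain of claims 1 and 17, sketched as an added example that is not part of the patent text: the PSD and the trusted third party each derive the two composite keys from the same inputs and end up with matching keys without the composite key ever leaving the PSD. HMAC-SHA256 is an assumption standing in for the "composite key generating algorithm", which the claims do not specify; the class and function names and the serial number are hypothetical.

```python
import hashlib
import hmac
import secrets

def composite_key(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the claims' unspecified
    # "composite key generating algorithm".
    return hmac.new(key, data, hashlib.sha256).digest()

class PSD:
    def __init__(self, serial: bytes):
        self.serial = serial      # non-mutable unique serial number
        self._k1 = None           # first symmetric key, gates issuer access
        self._composite = None    # current composite key, never exported

    def manufacturer_install(self, k1: bytes) -> None:
        self._k1 = k1
        self._composite = composite_key(k1, self.serial)

    def issuer_install(self, presented_k1: bytes, k2: bytes) -> None:
        if self._k1 is None or not hmac.compare_digest(presented_k1, self._k1):
            raise PermissionError("first symmetric key rejected")
        self._composite = composite_key(self._composite, k2)

    def tag(self, message: bytes) -> bytes:
        # Proves possession of the composite key without revealing it.
        return composite_key(self._composite, message)

class TrustedThirdParty:
    def __init__(self):
        self._dup = {}            # serial -> duplicate composite key

    def from_manufacturer(self, serial: bytes, k1: bytes) -> None:
        self._dup[serial] = composite_key(k1, serial)

    def from_issuer(self, serial: bytes, k2: bytes) -> None:
        self._dup[serial] = composite_key(self._dup[serial], k2)

    def verify(self, serial: bytes, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(composite_key(self._dup[serial], message), tag)

def provision(serial: bytes = b"PSD-0001"):   # constructed serial number
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    psd, ttp = PSD(serial), TrustedThirdParty()
    psd.manufacturer_install(k1)
    ttp.from_manufacturer(serial, k1)
    psd.issuer_install(k1, k2)                # issuer presents k1 to gain access
    ttp.from_issuer(serial, k2)
    return psd, ttp
```

In this two-stage chain the issuer receives the first symmetric key and the serial number and chooses the second symmetric key, so it holds every input needed to reproduce the second composite key; the manufacturer, which never sees the second symmetric key, does not.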
Specification