Smartcard with cryptographic functionality and method and system for using such cards

US 20050102523A1
Filed: 11/05/2004
Published: 05/12/2005
Est. Priority Date: 11/08/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing cryptographic services in an organisation, the method comprising:

providing members of the organisation with respective smartcards, each holding a secret associated with the member concerned and arranged to map an input string to a first element of an algebraic group according to a known mapping function, to multiply the first element by said secret to form a second element of said algebraic group such that there exists a computable bilinear map for the first and second elements, and to output this second element;

the members using the smartcards in the provision of at least encryption, decryption and signing cryptographic services with the same smartcard-held secret of a member being involved as required in all these services.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smartcard is provided that stores a secret associated with the user of the card. The smartcard is arranged to map an input string to a first element of an algebraic group according to a known mapping function, to multiply the first element by the stored secret to form a second element of the same algebraic group such that there exists a computable bilinear map for the first and second elements, and to output this second element. This selection of the limited functionality of the smartcard enables it to be employed in the provision of a range of cryptographic services such as encryption, decryption and signature generation. The smartcard is therefore suitable for use in an organisation where multiple cryptographic services are required.

38 Citations

View as Search Results

30 Claims

1. A method of providing cryptographic services in an organisation, the method comprising:
- providing members of the organisation with respective smartcards, each holding a secret associated with the member concerned and arranged to map an input string to a first element of an algebraic group according to a known mapping function, to multiply the first element by said secret to form a second element of said algebraic group such that there exists a computable bilinear map for the first and second elements, and to output this second element;
  
  the members using the smartcards in the provision of at least encryption, decryption and signing cryptographic services with the same smartcard-held secret of a member being involved as required in all these services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1, wherein the smartcard of at least one member is used to produce a respective public key for each of a plurality of entities within said organisation, each such public key comprising the smartcard output resulting from using as said input string for the smartcard an attribute string provided by the entity concerned.
  - 3. A method according to claim 1, wherein:
    - the smartcard of each member is used to produce a respective public key each comprising a said first element P and corresponding second element R;
      
      a said member A with public key <
      
      P_A,R_A>
      
      uses their smartcard to sign a subject string m by applying the subject string m to the smartcard as said input string and using the resultant output as its signature for the subject string; and
      
      a recipient of the subject string and signature checks the signature by verifying that;
      
      (P_A, signature)=(R_A, H₁(m)) where H₁( ) is said known mapping function.
  - 4. A method according to claim 1, wherein:
    - the smartcard of each member is used to produce a respective public key each comprising a said first element P and corresponding second element R;
      
      a subject string m is encrypted for decryption with the involvement of a said member A who has an associated public key <
      
      P_A,R_A>
      
      , the subject string being encrypted by an Identifier-Based Encryption process based on bilinear mappings and using as encryption parameters both R_Aand a non-secret encryption key string.
  - 5. A method according to claim 4, wherein the encrypted subject string m is recovered by inputting the non-secret encryption key string into the smartcard of the member A and using the resultant output as a decryption key in decrypting the encrypted subject string.
  - 6. A method according to claim 5, wherein the encrypted subject string and the non-secret encryption key string are provided to processing apparatus that is associated with A and includes a smartcard interface, member A presenting their smartcard to the smartcard interface of the processing apparatus to enable the apparatus to use the smartcard to obtain the decryption key which the apparatus then uses to decrypt the encrypted subject string.
  - 7. A method according to claim 5, wherein the encrypted subject string and the non-secret encryption key string are provided to a printer that has a smartcard interface, member A presenting their smartcard to the printer'"'"'s smartcard interface to enable the printer to use the smartcard to obtain the decryption key which the printer then uses to decrypt the encrypted subject string for printing.
  - 8. A method according to claim 1, wherein a said member A acts as a trusted authority in respect of an Identifier-Based Cryptography, IBC, service based on bilinear mappings;
    - the member A providing a secret key for use in said IBC service after having confirmed that at least one condition specified in an encryption key string has been met, the member A using their smart card to generate said secret key by applying the encryption key string to the smartcard as said input string and using the resultant output as the secret key.
  - 9. A method according to claim 1, wherein the form of the second element is converted for output from the smartcard
  - 10. A method according to claim 1, wherein apart from any usage-security and secret generation features that may be present, the smartcards contain no cryptographic service functionality additional to the functionality associated with mapping a said input string to a said first element and multiplying this element by said secret.
  - 11. A method according to claim 1, wherein the first and second elements are points on the same elliptic curve.
  - 12. A method according to claim 11, wherein said bilinear mapping function is based on a Tate or Weil pairing.

13. A system for providing cryptographically-protected processes in an organisation, the system comprising:
- a plurality of smartcards for use by corresponding members of the organisation, each smartcard comprising;
  
  a non-volatile memory for holding a secret associated with the corresponding member, an input arrangement for receiving an input string, a first functional entity for mapping said input string to a first element of an algebraic group according to a known mapping function, a second functional entity for multiplying the first element by said secret to form a second element of said algebraic group such that there exists a computable bilinear map for the first and second elements, and an output arrangement for outputting said second element;
  
  a plurality of process sub-systems for implementing processes that, at least when considered together, involve at least encryption, decryption and signing cryptographic services involving the use of said smartcards with the same smartcard-held secret of a member being involved as required in all these services.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. A system according to claim 13, wherein each sub-system is arranged to store a respective public key produced by the smartcard of a said member, each such public key comprising the second element resulting from using as said input string for the smartcard an attribute string provided by sub-system concerned.
  - 15. A system according to claim 13, wherein at least one said sub-system is arranged to require signing of a subject string m by a said member A using their smartcard to process the subject string as said input string and present the resultant second element as a signature, the said at least one subsystem being arranged to check the signature by verifying that:
    - (P_A, signature)=(R_A, H₁(m)) where;
      
      H₁( ) is said known mapping function, and <
      
      P_A,R_A>
      
      is a trusted public key associated with the member A with P_Abeing a said first element, and R_Abeing a said second element, produced by use of the smart card of the member A.
  - 16. A system according to claim 13, wherein at least one said sub-system is arranged to encrypt a subject string m for decryption with the involvement of a said member A who has an associated public key <
    - P_A,R_A>
      
      where P_Ais a said first element, and R_Aa said second element, produced by use of the smart card of the member A, the said at least one sub-system being arranged to encrypt said subject string m by an Identifier-Based Encryption method based on bilinear mappings and using as encryption parameters both RA and a non-secret encryption key string.
  - 17. A system according to claim 16, wherein said at least one said sub-system is arranged to recover the encrypted subject string m by inputting the non-secret encryption key string into the smartcard of the member A and using the resultant output as a decryption key in decrypting the encrypted subject string.
  - 18. A system according to claim 13, wherein at least one said sub-system is arranged to use a said member A as a trusted authority in respect of an Identifier-Based Cryptography service based on bilinear mappings;
    - said at least one said sub-system being arranged to provide the member A with an encryption key string for presentation as said input string to A'"'"'s smartcard, and to receive back the resultant second element as a decryption key.
  - 19. A system according to claim 13, wherein the output arrangement of each smartcard is arranged to change the form of the second element prior to output from the smartcard.
  - 20. A system according to claim 13, wherein apart from any usage-security and secret generation features that may be present, the smartcards contain no cryptographic service functionality additional to the functionality associated with mapping a said input string to a said first element and multiplying this element by said secret.
  - 21. A system according to claim 13, wherein the first and second elements are points on the same elliptic curve.
  - 22. A system according to claim 21, wherein said bilinear mapping function is based on a Tate or Weil pairing.

23. A smartcard comprising:
- a non-volatile memory for holding a secret associated with a user of the card, an input arrangement for receiving an input string, a first functional entity for mapping said input string to a first element of an algebraic group according to a known mapping function, a second functional entity for multiplying the first element by said secret to form a second element of said algebraic group such that there exists a computable bilinear map for the first and second elements, and an output arrangement for outputting said second element.
- View Dependent Claims (24, 25, 26)
- - 24. A smartcard according to claim 23, wherein the output arrangement of each smartcard is arranged to change the form of the second element prior to output from the smartcard.
  - 25. A smartcard according to claim 23, wherein apart from any usage-security and secret generation features that may be present, the smartcard contain no cryptographic service functionality additional to the functionality associated with mapping a said input string to a said first element and multiplying this element by said secret.
  - 26. A smartcard according to claim 23, wherein the first and second elements are points on the same elliptic curve.

30. A smartcard according to claim 29, wherein said bilinear mapping function is based on a Tate or Weil pairing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Harrison, Keith Alexander, Chen, Liqun, Mont, Marco Casassa

Application Number

US10/982,500
Publication Number

US 20050102523A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Smartcard with cryptographic functionality and method and system for using such cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Smartcard with cryptographic functionality and method and system for using such cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links