Mutual authentication system and method for protection of postal security devices and infrastructure
First Claim
1. A method of mutually authenticating a postal security device and an infrastructure, said infrastructure initializing said postal security device, said method using a secret key known to said postal security device and said infrastructure, said postal security device having a PSD public key and a corresponding PSD private key, said infrastructure having a provider public key and a corresponding provider private key, the method comprising:
- said infrastructure preparing a signed provider key record using said provider public key and said provider private key, said signed provider key record including said provider public key and a first digital signature;
- said infrastructure creating a first message authentication code using said signed provider key record and said secret key and sending said signed provider key record and said first message authentication code to said postal security device;
- said postal security device authenticating said signed provider key record using said first message authentication code;
- said postal security device authenticating said provider public key using said first digital signature;
- said postal security device preparing a signed PSD key record using said PSD public key and said PSD private key, said signed PSD key record including said PSD public key and a second digital signature;
- said postal security device preparing a second message authentication code using said signed PSD key record and said secret key and sending said signed PSD key record and said second message authentication code to said infrastructure;
- said infrastructure authenticating said signed PSD key record using said second message authentication code; and
- said infrastructure authenticating said PSD public key using said second digital signature.
Abstract
A method of authenticating a PSD and an initializing infrastructure that uses a secret key, a PSD public/private key pair and a provider public/private key pair. The infrastructure prepares a signed provider key record using the provider public key and the provider private key and a first MAC using the signed provider key record and the secret key. Both are sent to the PSD. The PSD authenticates the signed provider key record using the first MAC and the provider public key using the included digital signature. The PSD prepares a signed PSD key record using the PSD public key and the PSD private key and a second MAC using the signed PSD key record and the secret key. Both are sent to the infrastructure. The infrastructure authenticates the signed PSD key record using the second MAC and the PSD public key using the included digital signature.
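The exchange described in the first claim and the abstract, written out as an added example that is not part of the patent text. The page names no algorithms, so HMAC-SHA-256 as the MAC, a Lamport one-time signature as the digital signature (chosen so the example runs on the Python standard library alone), the signature being computed over the public key itself, and all function names are assumptions.

```python
import hashlib, hmac, secrets

N, HL = 256, 32                      # signed digest bits, hash length in bytes

def H(b): return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 secret pairs; the public key is their hashes."""
    priv = [(secrets.token_bytes(HL), secrets.token_bytes(HL)) for _ in range(N)]
    return priv, b"".join(H(a) + H(b) for a, b in priv)

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(N)]

def sign(priv, msg):
    return b"".join(priv[i][bit] for i, bit in enumerate(_bits(msg)))

def verify(pub, msg, sig):
    if len(pub) != 2 * N * HL or len(sig) != N * HL:
        return False
    ok = True
    for i, bit in enumerate(_bits(msg)):
        off = (2 * i + bit) * HL     # slot of H(secret) for this bit value
        ok &= hmac.compare_digest(H(sig[i * HL:(i + 1) * HL]), pub[off:off + HL])
    return ok

def make_key_record(priv, pub, secret_key):
    """Sender: signed key record (public key + signature) and its MAC."""
    record = pub + sign(priv, pub)   # assumption: signature covers the public key
    return record, hmac.new(secret_key, record, hashlib.sha256).digest()

def accept_key_record(record, mac, secret_key):
    """Receiver: authenticate the record by MAC, then the key by signature."""
    expected = hmac.new(secret_key, record, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None                  # wrong secret key or altered record
    pub, sig = record[:2 * N * HL], record[2 * N * HL:]
    return pub if verify(pub, pub, sig) else None

def mutual_authenticate(infra_secret, psd_secret):
    """Run both directions; each side uses its own copy of the secret key."""
    prov_priv, prov_pub = keygen()   # infrastructure (provider) key pair
    psd_priv, psd_pub = keygen()     # postal security device key pair
    rec1, mac1 = make_key_record(prov_priv, prov_pub, infra_secret)
    if accept_key_record(rec1, mac1, psd_secret) != prov_pub:
        return False                 # PSD rejects the infrastructure
    rec2, mac2 = make_key_record(psd_priv, psd_pub, psd_secret)
    return accept_key_record(rec2, mac2, infra_secret) == psd_pub
```

The MAC check ties each record to a holder of the secret key, and the signature check ties the public key to a holder of the matching private key, so a record fails if either is missing.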
19 Citations
12 Claims
Specification