Secure interface for versatile key derivation function support

US 20070076866A1
Filed: 11/14/2005
Published: 04/05/2007
Est. Priority Date: 11/11/2004
Status: Active Grant

First Claim

Patent Images

1. A method of computing a cryptographic function involving a shared secret, said shared secret being accessible to a first module, the method comprising the steps of:

performing on the first module, at least one operation of the cryptographic function utilizing said shared secret; and

providing a result of said at least one operation to an application running on a second module to complete computation of said cryptographic function.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improper re-use of a static Diffie-Hellman (DH) private key may leak information about the key. The leakage is prevented by a key derivation function (KDF), but standards do not agree on key derivation functions. The module for performing a DH private key operation must somehow support multiple different KDF standards. The present invention provides an intermediate approach that neither attempts to implement all possible KDP operations, nor provide unprotected access to the raw DH private key operation. Instead, the module performs parts of the KDF operation, as indicated by the application using the module. This saves the module from implementing the entire KDF for each KDF needed. Instead, the module implements only re-usable parts that are common to most KDFs. Furthermore, when new KDFs are required, the module may be able to support them if they built on the parts that the module has implemented.

21 Citations

View as Search Results

18 Claims

1. A method of computing a cryptographic function involving a shared secret, said shared secret being accessible to a first module, the method comprising the steps of:
- performing on the first module, at least one operation of the cryptographic function utilizing said shared secret; and
  
  providing a result of said at least one operation to an application running on a second module to complete computation of said cryptographic function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1 wherein said cryptographic function is a key derivation function.
  - 3. A method according to claim 1 wherein said shared secret is a Diffie-Hellman (DH) shared secret.
  - 4. A method according to claim 2 wherein said at least one operation includes a hash function.
  - 5. A method according to claim 4 wherein said hash function is SHA-1.
  - 6. A method according to claim 5 wherein said key derivation function is ANSI X9.63 and wherein said function operates having said second module instruct said first module to compute SHA-1 using inputs provided by said second module;
    - said first module producing said result, said result being the output of said SHA-1; and
      
      said second module obtaining said result to complete said function and derive a key therefrom.
  - 7. A method according to claim 5 wherein said key derivation function is TLS PRF and wherein said function operates having said second module instruct said first module to divide said shared secret into a first half and a second half;
    - said first module providing a pointer to said second half and said first half as a first output;
      
      said second module instructing said first module to perform a first SHA-1 using a first set of inputs and instructing said first module to perform a second SHA-1 based on the result of said first SHA-1 and a second set of inputs, the result of said second SHA-1 being a second output; and
      
      said second module using said first and second outputs to compute P_SHA-1, complete said function, and derive a key therefrom.
  - 8. A method according to claim 1 wherein said first module is secured by anti-tampering protection.
  - 9. A method according to claim 1 wherein said first module is provided a program having a java execution language from said second module for executing a plurality of cryptographic functions wherein said first module ensures the outputs of operations performed thereon undergo secure algorithms.
  - 10. A method according to claim 9 wherein said program is digitally signed by said second module and said first module accesses a public verification key for verifying digital signatures of said program.

11. A cryptographic apparatus comprising:
- a first module having a shared secret and a processor to perform at least one cryptographic operation using said shared secret and produce a result therefrom;
  
  a second module running an application to compute a cryptographic function; and
  
  a data connection between said first and second modules to transfer said result from said first module to said second module to enable said second module to complete computation of said cryptographic function using said result.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. An apparatus according to claim 11 wherein said first and second modules are comprised by a single device.
  - 13. An apparatus according to claim 11 wherein said first module is secured by anti-tampering protection.
  - 14. An apparatus according to claim 11 wherein said first module comprises a program having a java execution language provided by said second module, said program for executing a plurality of cryptographic functions wherein said first module ensures the outputs of operations performed thereon undergo secure algorithms.
  - 15. An apparatus according to claim 14 wherein said second module further comprises a digital signature module for digitally signing said program and said first module further comprises a public verification key for verifying signatures generated by said digital signature module.
  - 16. An apparatus according to claim 11 wherein said cryptographic function is a key derivation function and said at least one operation is a hash function.
  - 17. An apparatus according to claim 16 wherein said hash function is SHA-1 and said shared secret is a DH shared secret.
  - 18. An apparatus according to claim 16 wherein said key derivation function is one of ANSI X9.63 and TLS PRF.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Gallant, Robert, Brown, Daniel, Vanstone, Scott

Granted Patent

US 8,335,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

G06F 21/00 Security arrangements for p...

H04L 9/0841 involving Diffie-Hellman or...

Secure interface for versatile key derivation function support

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Secure interface for versatile key derivation function support

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others