Constructive Channel Key
First Claim
1. A method of generating a constructive channel key, comprising:
providing an issuer with a card public key as the keying part of a CKM credential;
computing an ephemeral key pair by the issuer using pre-established enterprise domain parameters;
computing a shared value for the ephemeral private key and the card public key using D-H key agreement;
destroying the ephemeral private key;
combining the shared value with a static key value;
splitting the static key value into four blocks;
truncating the first block to be used for a session encryption key;
truncating the second block to be used for a session MAC key;
truncating the third block to be used for a session key encryption key; and
truncating the fourth block to be used for an initial IVEC.
Abstract
A method of generating a constructive channel key includes providing an issuer with a card public key as the keying part of a CKM credential. An ephemeral key pair is computed by the issuer using pre-established enterprise domain parameters. A shared value for the ephemeral private key and the card public key is computed using D-H key agreement. The ephemeral private key is destroyed. The shared value is combined with a static key value. The static key value is split into four blocks. The first block is truncated to be used for a session encryption key. The second block is truncated to be used for a session MAC key. The third block is truncated to be used for a session key encryption key. The fourth block is truncated to be used for an initial IVEC.
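The steps in the abstract can be traced in code; the following is an added example, not code from the patent or its assignee. It assumes finite-field D-H over constructed demo parameters, SHAKE-256 as the combining function, and that the combined value is what gets split into four 32-byte blocks, each truncated to 16 bytes. The card-side recomputation is implied by D-H rather than stated in the claim, and all function and label names are hypothetical.

```python
import hashlib
import secrets

# Constructed demo domain parameters (assumption, not from the patent): the
# Mersenne prime 2**521 - 1 with generator 3. Not a vetted group; a deployment
# would use the enterprise's pre-established, validated parameters.
P = 2**521 - 1
G = 3
LABELS = ("session_enc", "session_mac", "session_kek", "initial_ivec")

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private value in [2, P-2]
    return priv, pow(G, priv, P)

def shared_value(priv, peer_pub):
    # Reject degenerate public keys (0, 1, P-1) that force a predictable result.
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public key out of range")
    return pow(peer_pub, priv, P).to_bytes((P.bit_length() + 7) // 8, "big")

def derive_session_keys(z, static_key):
    # Assumed combiner: SHAKE-256 over the length-prefixed shared value and
    # the static key, expanded to 128 bytes.
    data = len(z).to_bytes(2, "big") + z + static_key
    material = hashlib.shake_256(data).digest(128)
    # Split into four 32-byte blocks, then truncate each to 16 bytes.
    blocks = [material[i:i + 32] for i in range(0, 128, 32)]
    return {name: block[:16] for name, block in zip(LABELS, blocks)}

def issuer_derive(card_pub, static_key):
    eph_priv, eph_pub = keypair()
    z = shared_value(eph_priv, card_pub)
    del eph_priv  # drops the reference only; real code zeroizes key memory
    return eph_pub, derive_session_keys(z, static_key)

def card_derive(card_priv, eph_pub, static_key):
    return derive_session_keys(shared_value(card_priv, eph_pub), static_key)

if __name__ == "__main__":
    card_priv, card_pub = keypair()              # constructed card key pair
    static = bytes(range(32))                    # constructed static key value
    eph_pub, issuer_keys = issuer_derive(card_pub, static)
    assert issuer_keys == card_derive(card_priv, eph_pub, static)
    for name, key in issuer_keys.items():
        print(name, key.hex())
```

Because the issuer's key pair is generated fresh on every call, each run yields a different ephemeral public key and a different set of session values for the same card key and static key.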