Synchronization of cryptographic keys between two modules of a distributed system
Abstract
The apparatus comprises: a first module including a universal key; a second module including a unique identifier and a unique key wherein the unique key is derived from the unique identifier and the universal key and incorporated into the second module during manufacture of the second module. The second module is in communication with the first module. The apparatus further comprises a controller for performing the following subsequent to manufacture of the first module and the second module: initiating a communication session between the first module and the second module; transmitting the unique identifier from the second module to the first module; and deriving the unique key in the first module using the unique identifier and the universal key. A method for synchronization of cryptographic keys between modules of a distributed system and a method of manufacturing a postage evidencing system are also provided.
11 Claims
1. An apparatus for synchronizing cryptographic keys, the apparatus comprising:
a first module including a universal key;
a second module having stored therein a unique identifier and a unique key and wherein the unique key is derived from the unique identifier and the universal key and incorporated into the second module during manufacture of the second module, the second module being in communication with the first module; and
control means for performing the following subsequent to manufacture of the first module and the second module;
initiating a communication session between the first module and the second module;
transmitting the unique identifier from the second module to the first module; and
deriving the unique key in the first module using the unique identifier and the universal key so that the unique key exists in both the first module and the second module; and
wherein;
the universal key is one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules, the first module is associated with a predetermined one of the plurality of domains;
the unique key is one of a plurality of unique keys each of which are stored within the second module, the plurality of unique keys correspond to the plurality of domains, respectively; and
the first module selects for use in subsequent communication the unique key in the second module that corresponds to the predetermined one of the plurality of domains.
4. A method of synchronizing cryptographic keys between a first module and a second module, the second module in communication with the first module, the method comprising the step(s) of:
providing a plurality of domains of first modules;
storing a universal key in the first module;
storing a unique identifier in the second module;
storing a unique key in the second module wherein the unique key is derived from the unique identifier and the universal key;
associating the universal key with a predetermined one of the plurality of domains and wherein the unique key is one of a plurality of unique keys, each of which are stored within the second module, corresponding to the plurality of domains, respectively;
initiating a communication session between the first module and the second module subsequent to manufacture of the meter and the printer;
selecting, for use in subsequent communication with the first module, the unique key in the second module corresponding to the predetermined one of the plurality of domains;
transmitting the unique identifier from the second module to the first module; and
deriving the unique key in the first module using the unique identifier and the universal key so that the unique key exists in both the first module and the second module.
7. A method of manufacturing a postage evidencing system including a meter and a printer, comprising the step(s) of:
establishing a plurality of domains of meters;
storing a universal key in the meter;
storing a unique identifier in the printer;
storing a unique key in the printer wherein the unique key is derived from the unique identifier and the universal key; and
associating the universal key stored in the meter with a predetermined one of the plurality of domains;
storing a plurality of unique keys corresponding to the plurality of domains, respectively, in the printer wherein the unique key is one of the plurality of unique keys; and
providing a control means capable of;
initiating a communication session between the meter and the printer subsequent to manufacture of the meter and the printer;
selecting, for use in subsequent communication with the meter, the unique key in the printer corresponding to the predetermined one of the plurality of domains;
transmitting the unique identifier from the printer to the meter; and
deriving the unique key in the meter using the unique identifier and the universal key so that the unique key exists in both the meter and the printer.
10. An apparatus for synchronizing cryptographic keys, the apparatus comprising:
a first module including a universal key, the universal key being one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules, the first module being associated with a predetermined one of the plurality of domains;
a second module having stored therein a plurality of communication keys each of which are derived from the universal key and are associated with a respective one of the plurality of domains of first modules, the second module being in communication with the first module; and
a control system for performing the following;
initiating a communication session between the first module and the second module;
selecting a particular communication key from the plurality of communication keys stored within the second module that corresponds to the predetermined one of the plurality of domains;
deriving the communication key in the first module so that the communication key exists in both the first module and the second module; and
using the communication key to convey messages between the first module and the second module.
11. A method of synchronizing cryptographic keys between a first module and a second module, the second module in communication with the first module, the method comprising the step(s) of:
initiating a communication session between the first module and the second module where the first module includes a universal key that is one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules and the first module is associated with a predetermined one of the plurality of domains;
selecting a particular communication key from a plurality of communication keys stored within the second module where the plurality of communication keys, each of which are derived from the universal key, are associated with a respective one of the plurality of domains of first modules and the particular communication key corresponds to the predetermined one of the plurality of domains;
deriving the communication key in the first module so that the communication key exists in both the first module and the second module; and
using the communication key to convey messages between the first module and the second module.
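
The key synchronization described in the abstract and in claims 1 to 11, sketched as an added example (not code from the patent). Assumptions: HMAC-SHA256 stands in for the derivation function, which the claims do not name, and the class names, domain labels, identifiers and keys are constructed for illustration.

```python
import hashlib
import hmac

def derive_unique_key(universal_key: bytes, unique_id: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the derivation function; the claims do not name one.
    return hmac.new(universal_key, b"unique-key:" + unique_id, hashlib.sha256).digest()

class Printer:
    """Second module: holds a unique identifier and one unique key per domain."""
    def __init__(self, unique_id: bytes, universal_keys: dict):
        # Manufacturing step: derive and store the per-domain unique keys.
        # The universal keys themselves are not kept in the printer.
        self.unique_id = unique_id
        self._unique_keys = {d: derive_unique_key(k, unique_id)
                             for d, k in universal_keys.items()}
        self._session_key = None

    def open_session(self, domain: str) -> bytes:
        self._session_key = self._unique_keys[domain]  # KeyError on an unknown domain
        return self.unique_id  # the identifier is what crosses the link, never a key

    def tag(self, message: bytes) -> bytes:
        return hmac.new(self._session_key, message, hashlib.sha256).digest()

class Meter:
    """First module: holds only the universal key of its own domain."""
    def __init__(self, domain: str, universal_key: bytes):
        self.domain, self._universal_key = domain, universal_key
        self._session_key = None

    def open_session(self, printer: Printer) -> None:
        # Select the printer's key for this meter's domain, then derive the same key locally.
        unique_id = printer.open_session(self.domain)
        self._session_key = derive_unique_key(self._universal_key, unique_id)

    def verify(self, message: bytes, tag: bytes) -> bool:
        expected = hmac.new(self._session_key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

# Constructed sample values, not taken from the patent.
UNIVERSAL_KEYS = {d: hashlib.sha256(b"constructed universal key " + d.encode()).digest()
                  for d in ("domain-A", "domain-B")}

def run_session(meter: Meter, printer: Printer, message: bytes = b"print indicium 0001") -> bool:
    """Open a session and report whether both modules ended up with the same key."""
    meter.open_session(printer)
    return meter.verify(message, printer.tag(message))
```

In this sketch the printer stores only derived keys, so reading out one printer exposes that printer's keys and no universal key. A meter's universal key, by contrast, yields the unique key of every printer in its domain, which is why it needs the stronger protection.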
Specification