Synchronization of cryptographic keys between two modules of a distributed system

US 6,064,989 A
Filed: 05/29/1997
Issued: 05/16/2000
Est. Priority Date: 05/29/1997
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for synchronizing cryptographic keys, the apparatus comprising:

a first module including a universal key;

a second module having stored therein a unique identifier and a unique key and wherein the unique key is derived from the unique identifier and the universal key and incorporated into the second module during manufacture of the second module, the second module being in communication with the first module; and

control means for performing the following subsequent to manufacture of the first module and the second module;

initiating a communication session between the first module and the second module;

transmitting the unique identifier from the second module to the first module; and

deriving the unique key in the first module using the unique identifier and the universal key so that the unique key exists in both the first module and the second module; and

wherein;

the universal key is one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules, the first module is associated with a predetermined one of the plurality of domains;

the unique key is one of a plurality of unique keys each of which are stored within the second module, the plurality of unique keys correspond to the plurality of domains, respectively; and

the first module selects for use in subsequent communication the unique key in the second module that corresponds to the predetermined one of the plurality of domains.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The apparatus comprises: a first module including a universal key; a second module including a unique identifier and a unique key wherein the unique key is derived from the unique identifier and the universal key and incorporated into the second module during manufacture of the second module. The second module is in communication with the first module. The apparatus further comprises a controller for performing the following subsequent to manufacture of the first module and the second module: initiating a communication session between the first module and the second module; transmitting the unique identifier from the second module to the first module; and deriving the unique key in the first module using the unique identifier and the universal key. A method for synchronization of cryptographic keys between modules of a distributed system and a method of manufacturing a postage evidencing system are also provided.

Citations

11 Claims

1. An apparatus for synchronizing cryptographic keys, the apparatus comprising:
- a first module including a universal key;
  
  a second module having stored therein a unique identifier and a unique key and wherein the unique key is derived from the unique identifier and the universal key and incorporated into the second module during manufacture of the second module, the second module being in communication with the first module; and
  
  control means for performing the following subsequent to manufacture of the first module and the second module;
  
  initiating a communication session between the first module and the second module;
  
  transmitting the unique identifier from the second module to the first module; and
  
  deriving the unique key in the first module using the unique identifier and the universal key so that the unique key exists in both the first module and the second module; and
  
  wherein;
  
  the universal key is one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules, the first module is associated with a predetermined one of the plurality of domains;
  
  the unique key is one of a plurality of unique keys each of which are stored within the second module, the plurality of unique keys correspond to the plurality of domains, respectively; and
  
  the first module selects for use in subsequent communication the unique key in the second module that corresponds to the predetermined one of the plurality of domains.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein:
    - the first module includes a memory and a security circuit having an embedded security key therein, the embedded security key is distinct from the universal key and the unique key;
      
      the universal key is stored within the first module memory in encrypted form using the embedded security key;
      
      the universal key in encrypted form is decrypted in the security circuit using the embedded security key;
      
      the unique identifier is brought within the security circuit; and
      
      the unique key is derived in the security circuit.
  - 3. The apparatus of claim 2, wherein:
    - the first module is a postage meter;
      
      the second module is a printer; and
      
      the unique key is derived prior to printing a postal indicia.

4. A method of synchronizing cryptographic keys between a first module and a second module, the second module in communication with the first module, the method comprising the step(s) of:
- providing a plurality of domains of first modules;
  
  storing a universal key in the first module;
  
  storing a unique identifier in the second module;
  
  storing a unique key in the second module wherein the unique key is derived from the unique identifier and the universal key;
  
  associating the universal key with a predetermined one of the plurality of domains and wherein the unique key is one of a plurality of unique keys, each of which are stored within the second module, corresponding to the plurality of domains, respectively;
  
  initiating a communication session between the first module and the second module subsequent to manufacture of the meter and the printer;
  
  selecting, for use in subsequent communication with the first module, the unique key in the second module corresponding to the predetermined one of the plurality of domains;
  
  transmitting the unique identifier from the second module to the first module; and
  
  deriving the unique key in the first module using the unique identifier and the universal key so that the unique key exists in both the first module and the second module.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, further comprising the step(s) of:
    - providing the first module with a memory and a security circuit having an embedded security key therein, the embedded security key is distinct from the universal key and the unique key;
      
      storing the universal key within the first module memory in encrypted form using the embedded security key;
      
      decrypting the universal key in the security circuit using the embedded security key;
      
      bringing the unique identifier within the security circuit; and
      
      deriving the unique key in the security circuit.
  - 6. The apparatus of claim 5, wherein:
    - the first module is a postage meter; and
      
      the second module is a printer; and
      
      further comprising the step(s) of;
      
      deriving the unique key prior to printing a postal indicia.

7. A method of manufacturing a postage evidencing system including a meter and a printer, comprising the step(s) of:
- establishing a plurality of domains of meters;
  
  storing a universal key in the meter;
  
  storing a unique identifier in the printer;
  
  storing a unique key in the printer wherein the unique key is derived from the unique identifier and the universal key; and
  
  associating the universal key stored in the meter with a predetermined one of the plurality of domains;
  
  storing a plurality of unique keys corresponding to the plurality of domains, respectively, in the printer wherein the unique key is one of the plurality of unique keys; and
  
  providing a control means capable of;
  
  initiating a communication session between the meter and the printer subsequent to manufacture of the meter and the printer;
  
  selecting, for use in subsequent communication with the meter, the unique key in the printer corresponding to the predetermined one of the plurality of domains;
  
  transmitting the unique identifier from the printer to the meter; and
  
  deriving the unique key in the meter using the unique identifier and the universal key so that the unique key exists in both the meter and the printer.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, further comprising the step(s) of:
    - providing the meter with a memory and a security circuit having an embedded security key therein, the embedded security key is distinct from the universal key and the unique key;
      
      storing the universal key within the meter memory in encrypted form using the embedded security key;
      
      decrypting the universal key in the security circuit using the embedded security key;
      
      bringing the unique identifier within the security circuit; and
      
      deriving the unique key in the security circuit.
  - 9. The apparatus of claim 8, further comprising the step(s) of:
    - providing the control means with capability to derive the unique key prior to printing a postal indicia.

10. An apparatus for synchronizing cryptographic keys, the apparatus comprising:
- a first module including a universal key, the universal key being one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules, the first module being associated with a predetermined one of the plurality of domains;
  
  a second module having stored therein a plurality of communication keys each of which are derived from the universal key and are associated with a respective one of the plurality of domains of first modules, the second module being in communication with the first module; and
  
  a control system for performing the following;
  
  initiating a communication session between the first module and the second module;
  
  selecting a particular communication key from the plurality of communication keys stored within the second module that corresponds to the predetermined one of the plurality of domains;
  
  deriving the communication key in the first module so that the communication key exists in both the first module and the second module; and
  
  using the communication key to convey messages between the first module and the second module.

11. A method of synchronizing cryptographic keys between a first module and a second module, the second module in communication with the first module, the method comprising the step(s) of:
- initiating a communication session between the first module and the second module where the first module includes a universal key that is one of a plurality of universal keys where each universal key is associated with a respective one of a plurality of domains of first modules and the first module is associated with a predetermined one of the plurality of domains;
  
  selecting a particular communication key from a plurality of communication keys stored within the second module where the plurality of communication keys, each of which are derived from the universal key, are associated with a respective one of the plurality of domains of first modules and the particular communication key corresponds to the predetermined one of the plurality of domains;
  
  deriving the communication key in the first module so that the communication key exists in both the first module and the second module; and
  
  using the communication key to convey messages between the first module and the second module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pitney Bowes Incorporated (Böwe Systec AG)
Original Assignee
Pitney Bowes Incorporated (Böwe Systec AG)
Inventors
Wald, Joel L., Naclario, Edward J., Ryan, Frederick W. Jr., Parkos, Maria P., Scribe, Mark A., Cordery, Robert A., Davies, Brad L., Steinmetz, John H., Loglisci, Louis J.
Primary Examiner(s)
Voeltz, Emanuel Todd
Assistant Examiner(s)
Dixon, Thomas A.

Application Number

US08/864,929
Time in Patent Office

1,083 Days
Field of Search

380/21, 380/1, 380/60, 380/50, 380/221, 705/1, 705/60, 705/50
US Class Current

705/50
CPC Class Codes

G07B 17/0008   Communication details outsi...

G07B 17/00733   Cryptography or similar spe...

G07B 2017/00161   from a central, non-user lo...

G07B 2017/00169   from a franking apparatus, ...

G07B 2017/00322   Communication between compo...

G07B 2017/0087   Key distribution

H04L 9/12   Transmitting and receiving ...

H04L 9/14   using a plurality of keys o...

Synchronization of cryptographic keys between two modules of a distributed system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Synchronization of cryptographic keys between two modules of a distributed system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links