Authentication for secure devices with limited cryptography
Abstract
Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power devices which are unable to perform public-key cryptography and generate random numbers, as well as for full-power devices which have the capability to do public-key cryptography and generate random numbers. A challenge-response procedure is also disclosed for ensuring the secure state of a device.
84 Citations
11 Claims

1. A method for authenticating a secure device of the type that are built with full cryptography and are subject to various failures that leave them with only limited cryptography, the method comprising:
a. while the secure device is in a secure state in a secure environment, an installation authority initializing the device by installing a secret value in the device;
b. transporting the device from the secure environment to an insecure environment, wherein an outside event alters the state of the device and changes the device from having full cryptography to only limited cryptography;
c. transporting the device from the insecure environment to a secure environment, and then an authenticating authority reinitializing the device by using the secret value.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method for authenticating a secure device of the type that are built with full cryptography and are subject to various failures that leave them with only limited cryptography, the method comprising:
a. while the secure device is in a secure state in a secure environment, an installation authority initializing the device by installing a secret value in the device;
b. transporting the device from the secure environment to an insecure environment, wherein an outside event alters the state of the device;
c. transporting the device from the insecure environment to a secure environment, and then an authenticating authority reinitializes the device by using the secret value;
wherein the state change is the loss of full cryptography, the initializing step includes the step of using the full cryptography of the device to initialize the device, the installation authority does not retain the secret value, and the messages include sequence number, nonces, direction, a MAC calculated with a shared secret key, and then are encrypted with a shared secret key.

9. A method for protecting a device of the type that are built with full cryptography and that are subject to various failures that leave them with only limited cryptography, and which possesses secret data, including a primary secret key authentication key, in nonvolatile EEPROM, the method comprising:
a. including in the secret data a challenge secret and a response secret;
b. storing the secret data inside a microcontroller chip;
c. providing a microcontroller firmware that does not release the response secret unless the firmware is first presented with the correct challenge secret.
Dependent claims: 10, 11.
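The message structure of claim 8 (sequence number, nonce, direction, a MAC under a shared key, then encryption under a shared key) and the firmware gate of claim 9 (the response secret is released only when the correct challenge secret is presented) can be simulated together. The following Python is an added example written for this page; it is not the patent's own code nor any product's firmware. The keys, nonce and IV are constructed demo values; the HMAC-SHA256 counter-mode keystream is a stand-in for whatever block cipher a real device would use (the standard library has none); and the 4-byte sequence number, 16-byte nonce, 1-byte direction field and the names `Receiver` and `LimitedDevice` are assumptions, not values from the patent.

```python
import hashlib
import hmac
import struct

# Constructed demo keys. Under claim 1/8 these would be installed while the
# device sits in the secure environment, and never retained by the installer.
K_MAC = hashlib.sha256(b"demo-mac-key").digest()
K_ENC = hashlib.sha256(b"demo-enc-key").digest()

DIR_TO_DEVICE = 0      # authority -> device
DIR_TO_AUTHORITY = 1   # device -> authority
HDR_FMT = ">I16sB"     # assumed layout: 4-byte seq, 16-byte nonce, 1-byte direction
HDR_LEN = struct.calcsize(HDR_FMT)
MAC_LEN = 32
IV_LEN = 16


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stands in for a block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_message(seq: int, nonce: bytes, direction: int, payload: bytes, iv: bytes) -> bytes:
    """Claim 8 shape: seq || nonce || direction || payload, MAC appended, then encrypted.
    The IV is passed in so the example is deterministic; a real sender draws it fresh."""
    assert len(nonce) == 16 and len(iv) == IV_LEN
    plaintext = struct.pack(HDR_FMT, seq, nonce, direction) + payload
    tag = hmac.new(K_MAC, plaintext, hashlib.sha256).digest()   # MAC with shared key
    body = plaintext + tag
    return iv + _xor(body, _keystream(K_ENC, iv, len(body)))    # then encrypt with shared key


class Receiver:
    """Verifies MAC, direction and sequence number; keeps the last accepted seq."""

    def __init__(self, expected_direction: int):
        self.expected_direction = expected_direction
        self.last_seq = -1

    def open_message(self, msg: bytes):
        """Return (nonce, payload), or None if any check fails (state is untouched)."""
        if len(msg) < IV_LEN + HDR_LEN + MAC_LEN:
            return None
        iv, ct = msg[:IV_LEN], msg[IV_LEN:]
        body = _xor(ct, _keystream(K_ENC, iv, len(ct)))
        plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = hmac.new(K_MAC, plaintext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or corrupted message
        seq, nonce, direction = struct.unpack(HDR_FMT, plaintext[:HDR_LEN])
        if direction != self.expected_direction:
            return None                      # message reflected back to its sender
        if seq <= self.last_seq:
            return None                      # replay of an old message
        self.last_seq = seq
        return nonce, plaintext[HDR_LEN:]


class LimitedDevice:
    """Claim 9: secrets in EEPROM, firmware gates release of the response secret."""

    def __init__(self, auth_key: bytes, challenge_secret: bytes, response_secret: bytes):
        # Dict stands in for nonvolatile EEPROM inside the microcontroller.
        self._eeprom = {
            "auth_key": auth_key,
            "challenge_secret": challenge_secret,
            "response_secret": response_secret,
        }

    def present_challenge(self, challenge: bytes):
        """Constant-time compare; the response secret leaves the chip only on a match."""
        if hmac.compare_digest(challenge, self._eeprom["challenge_secret"]):
            return self._eeprom["response_secret"]
        return None


if __name__ == "__main__":
    nonce, iv = bytes(range(16)), bytes(range(16, 32))   # constructed values
    rx = Receiver(DIR_TO_DEVICE)
    m = build_message(1, nonce, DIR_TO_DEVICE, b"reinit", iv)
    print(rx.open_message(m))   # (nonce, b'reinit')
    print(rx.open_message(m))   # None: same sequence number, rejected as replay
```

The MAC is checked before the sequence number so that a corrupted or forged message never advances `last_seq`; the direction byte stops a message captured in one direction from being accepted in the other, which is the reason claim 8 lists direction alongside the nonce and sequence number.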
Specification