Authentication for secure devices with limited cryptography
First Claim
Patent Images
1. A method of authentication using a secure device that has the capability to do public-key cryptography and generate random numbers, comprising:
- a. the installation authority authenticates that the device is untampered and genuine, and the device authenticates that the installation authority is genuine, which establishes an authenticated communication path between the installation authority and the device;
b. the installation authority sends an authenticated communication to the device which contains the authenticating authority public key, and a signal for the device to begin secret key authentication initialization;
c. the device uses its random number generator to generate a new set of primary secret key authentication keys;
d. the device enciphers the new set of primary secret key authentication keys with the authenticating authority public key, to form a secret key authentication core, and then transmits the secret key authentication core to the installation authority;
e. the installation authority takes the secret key authentication core, appends identifying information and other parameters to form a secret key authentication certificate, and the installation authority signs this certificate with an installation authority private key; and
f. the installation authority then stores the signed secret key authentication certificate in a manner to allow an authenticating authority who wishes to authenticate the device to obtain it.
0 Assignments
0 Petitions
Accused Products
Abstract
Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
-
Citations
3 Claims
-
1. A method of authentication using a secure device that has the capability to do public-key cryptography and generate random numbers, comprising:
-
a. the installation authority authenticates that the device is untampered and genuine, and the device authenticates that the installation authority is genuine, which establishes an authenticated communication path between the installation authority and the device;
b. the installation authority sends an authenticated communication to the device which contains the authenticating authority public key, and a signal for the device to begin secret key authentication initialization;
c. the device uses its random number generator to generate a new set of primary secret key authentication keys;
d. the device enciphers the new set of primary secret key authentication keys with the authenticating authority public key, to form a secret key authentication core, and then transmits the secret key authentication core to the installation authority;
e. the installation authority takes the secret key authentication core, appends identifying information and other parameters to form a secret key authentication certificate, and the installation authority signs this certificate with an installation authority private key; and
f. the installation authority then stores the signed secret key authentication certificate in a manner to allow an authenticating authority who wishes to authenticate the device to obtain it.
-
-
2. A method of authentication using a secure device which does not have the capability to do public-key cryptography and generate random numbers, comprising:
-
a. the installation authority authenticates that the device is untampered and genuine, and the device authenticates that the installation authority is genuine, which establishes an authenticated communication path between the installation authority and the device;
b. the installation authority generates a new set of primary secret key authentication keys for the device, and then transmits the new set of primary secret key authentication keys to the device;
c. the device enciphers the new set of primary secret key authentication keys with the authenticating authority public key, to form a secret key authentication core, and then transmits the secret key authentication core to the installation authority;
d. the installation authority takes the secret key authentication core, appends identifying information and other parameters to form a secret key authentication certificate, and the installation authority signs this certificate with an installation authority private key; and
e. the installation authority then stores the signed secret key authentication certificate in a manner to allow an authenticating authority who wishes to authenticate the device to obtain it.
-
-
3. A method wherein an authenticating authority performs mutual authentication with a device comprising:
-
a. the authenticating authority obtains a secret key authentication certificate for the device;
b. the authenticating authority uses the known public key of the installation authority to verify the signature on the secret key authentication certificate to assure that the secret key authentication certificate is authentic;
c. the authenticating authority uses its own private key to decrypt the secret key authentication core and extract an appropriate primary secret key authentication key;
d. the authenticating authority then uses the primary secret key authentication key to generate two secondary secret key authentication keys, a first secondary secret key authentication key for encrypting, and a second secondary secret key authentication key for a MACs algorithm;
e. the device retrieves the appropriate primary secret key authentication key from a secure memory, and then uses the primary secret key authentication key to generate two secondary secret key authentication keys, a first secondary secret key authentication key for encrypting, and a second secondary secret key authentication key for a MACs algorithm;
f. the authenticating authority and the device then each generate or obtain a nonce for this session; and
g. the authenticating authority and the device then exchange a sequence of authenticated messages.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsSmith, Sean William, Matyas, Stephen M.
-
Primary Examiner(s)Barron, Jr., Gilberto
-
Application NumberUS09/644,185Time in Patent Office286 DaysField of Search713/172, 713/173, 713/168, 713/169, 713/170, 713/180, 713/159, 380/30, 380/286, 705/66US Class Current713/172CPC Class CodesG06Q 20/3672 initialising or reloading t...H04L 9/3263 involving certificates, e.g...H04L 9/3273 for mutual authentication n...
