Method for verifying the use of public keys generated by an on-board system
First Claim
1. A method for verifying the usage of public keys of a set of asymmetric keys, a public key (Kp) and private key (Ks) generated for a given use, such as encryption/decryption or digital signature verification/generation, by an on-board system and stored in the storage area of the on-board system (Si) equipped with cryptographic calculation means and externally accessible read/write-protected means for storing digital data, said digital data (IDdi) comprising at least a serial number (SNi) for identifying the on-board system and an identification code (Opj) of an operator authorized to configure said on-board system, a request being formulated by said on-board system by transmitting a request message (MRCA) containing said public key (Kp) to a certification authority (CA), comprising:
PRIOR TO ANY TRANSMISSION OF A CERTIFICATION REQUEST, DURING THE CONFIGURATION OF A SET (Lk) OF ON-BOARD SYSTEMS (Si) BY THE AUTHORIZED OPERATOR;
generating by the authorized operator, for said set of on-board systems, a mother public key (KpM) and a mother private key (KsM) used in connection with a process supported by an algorithm (CA1M);
publishing said mother public key (KpM) associated with the algorithm (CA1M), the identification code of said authorized operator (OPj), and defining a range of on-board system identifiers for the set (Lk) of on-board systems;
calculating, for each on-board system of said set (Lk) of on-board systems, from said mother private key (KsM) and from the serial number (SNi) of the on-board system, a diversified private key (KsMi), and storing said diversified private key (KsMi) in said externally accessible, read/write-protected storage area, and;
PRIOR TO ANY TRANSMISSION OF A CERTIFICATION REQUEST MESSAGE;
generating by the on-board system a certification request (RCA) containing, in particular, a field of the public key (Kp) and usage indicators (U) of said public key, using said calculation means and said diversified key (KsMi) associated with this on-board system to calculate a cryptographic control value (Sci) on the entire request (RCA), said cryptographic control value being a digital signature calculated by means of the diversified private key (KsMi);
WHEN A CERTIFICATION REQUEST IS SENT TO THE CERTIFICATION AUTHORITY BY THE ON-BOARD SYSTEM;
forming a certification request message (MRCA) containing the request (RCA), the identifier (IDdi) of the on-board system, the request message being constituted by the identification code (OPj) of this authorized operator and by the serial number (SNi) of the on-board system, and a cryptographic control value (Sci);
transmitting to the certification authority (CA) said request message (MRCA) formed during the preceding phase and containing the public key (Kp) and the usage indicators (U) subject to said certification, and said cryptographic control value (Sci); and
WHEN A CERTIFICATION REQUEST MESSAGE (MRCA) IS RECEIVED BY THE CERTIFICATION AUTHORITY;
retrieving the identification code of the authorized operator (OPj) from the digital data (IDdi) of the on-board system,
retrieving from said identification code (OPj) of said authorized operator, the value of the mother public key (KpM) as well as the identifier of the algorithm (CA1M) associated with the set (Lk) of the on-board system,
verifying from said mother public key (KpM), from said serial number (SNi) of the on-board system, and from said certification request message (MRCA) received, said cryptographic control value (Sci), and establishing the authenticity of said cryptographic control value and the source of this certification request.
Abstract
For a set (Lk) of embedded systems, an authorized operator with identifier (OPj) creates a mother public key (KpM) and a mother private key (KsM). The identifier (OPj), the range of identifiers referenced (Lk) and the mother public key (KpM) are published. For each embedded system (SNi), a diversified key (KsMi) is created from the identifier (SNi) and stored. For every public key (Kp) generated by an embedded system, a cryptographic control value (Sci) is calculated on the public key (Kp), an algorithm identifier (CA1) and the utilization parameters (U) of this key, using a zero-knowledge signature algorithm, and a certification request message (MRCA) that includes the control value (Sci), the identifier of the operator (OPj), and the identifier (SNi) is transmitted to a certification authority, which retrieves the identifier (OPj) and the value of the mother public key (KpM).
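The flow in the abstract, as an added example that is not code from the patent: the page does not specify the algorithm (CA1M), so this sketch assumes the Guillou-Quisquater identity-based signature, a scheme derived from a zero-knowledge protocol, as a stand-in. Function names, field encodings and the toy key sizes are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes); far too small for real use.
P, Q = 2**127 - 1, 2**107 - 1
V = 2**89 - 1  # public exponent: prime and coprime to phi(n)

def h(*parts: bytes) -> int:
    """Hash length-prefixed fields to an integer (unambiguous concatenation)."""
    m = hashlib.sha256()
    for part in parts:
        m.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(m.digest(), "big")

def operator_setup():
    """Operator OPj: mother public key KpM = (n, v), mother private key KsM = d."""
    n = P * Q
    d = pow(V, -1, (P - 1) * (Q - 1))
    return (n, V), d

def identity(kpm, opj: bytes, sni: bytes) -> int:
    """Public identity J computed from IDdi = (OPj, SNi); anyone can derive it."""
    return h(opj, sni) % kpm[0]

def diversify(kpm, ksm, opj: bytes, sni: bytes) -> int:
    """KsMi = J^(-d) mod n, so that J * KsMi^v = 1 (mod n)."""
    n = kpm[0]
    return pow(pow(identity(kpm, opj, sni), -1, n), ksm, n)

def sign_request(kpm, ksmi, rca: bytes):
    """On-board system: control value Sci = (c, D) over the entire request RCA."""
    n, v = kpm
    r = secrets.randbelow(n - 2) + 2              # fresh commitment secret
    c = h(rca, pow(r, v, n).to_bytes(32, "big")) % v
    return c, (r * pow(ksmi, c, n)) % n

def ca_verify(kpm, opj: bytes, sni: bytes, rca: bytes, sci) -> bool:
    """CA: needs only KpM, OPj and SNi; it never holds KsM or KsMi."""
    n, v = kpm
    c, big_d = sci
    # D^v * J^c = r^v * (KsMi^v * J)^c = r^v, the signer's commitment.
    t = (pow(big_d, v, n) * pow(identity(kpm, opj, sni), c, n)) % n
    return c == h(rca, t.to_bytes(32, "big")) % v
```

Because Sci covers the whole RCA, changing the usage indicators (U) after signing, or presenting the request under another serial number, makes `ca_verify` return False.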
6 Claims
6. An on-board system comprising a card having a microprocessor, a RAM, a nonvolatile memory including programmable memory and an externally accessible protected storage area memory, a cryptographic calculation module and an input/output system connected by a link of the BUS type,
a diversified private key KsMi stored in said externally accessible protected memory, said diversified private key, being unique and distinct for said on-board system and calculated from a mother private key KsM and an identification number of said on-board system, and being further associated with mother public key KpM;
said cryptographic calculation module comprising; means for calculating a signature from said diversified private key KsMi, making it possible to calculate the signature of a certification request to certify a public key Kp associated with a private encryption key Ks or signature key, respectively, said private key Ks generated by said signature calculation means being stored in said externally accessible protected memory, said signature of the certification request being a function of the identification number of said on-board system and an identification code of an authorized operator, said signature calculation means making it possible to transmit to a certification authority a certification request message containing said certification request and said signature, which allows said certification authority to verify the source of the certification request from said on-board system and the protection of said diversified private key and private signature key in said externally accessible protected memory using only public elements, such as said mother public key KpM.
Specification