System and method for secure replacement of high level cryptographic keys in a personal security device
Abstract
A data processing system and method for generating and installing a master key replacement key and a new master key post issuance without using a potentially compromised master key to access a PSD's security executive.
64 Citations

Claims (32)
1. A data processing system for initially generating and installing at least one personal security device (PSD) master key replacement key and at least one PSD master key inside at least one PSD, said system comprising: a first server including a data storage section, wherein said first server is functionally connected to a first hardware security module (HSM) and a PSD writer; said PSD writer functionally connected to said first server and said at least one PSD; said at least one PSD including a non-mutable unique identification number to be sent to said first HSM, a security executive, a first high level key slot and a second high level key slot, wherein said PSD is functionally connected to said PSD writer; said first HSM including at least one stored public key, at least one stored master key data block, at least one stored master key replacement key data block and a random number generator that generates a random number, wherein said first HSM is functionally connected to said first server; said first HSM comprising a first diversification section that uses said random number to diversify said master key replacement key data block, which generates a unique key replacement key associated with said non-mutable unique identification number.
Dependent claims: 2 through 11.
12. A data processing system for post issuance master key replacement for at least one personal security device (PSD), said system comprising: a client functionally connected to said at least one PSD and in secure communications with a first server; said at least one PSD including a non-mutable unique identification number, a pre-installed key replacement key, an active master key and a security executive, wherein said PSD is functionally connected to said client; a first server including at least one stored unique cryptogram associated with said non-mutable unique identification number, wherein said first server is functionally connected to a first hardware security module (HSM) and in secure communications with said client; a second server functionally connected to a second HSM; said first HSM including a cryptographic section, a key generation and key transfer section, wherein said first HSM is functionally connected to said first server; said second HSM including a cryptographic section, a master key replacement key data block, a master key data block, a key generation and key transfer section, at least one stored private key, wherein said second HSM is functionally connected to said second server; a first transfer section that securely transfers said master key replacement key data block, said master key data block, and said at least one stored private key from said second HSM to said first HSM; a second transfer section that transfers said non-mutable unique identification number to said first server and a retrieving section that retrieves said at least one stored unique cryptogram corresponding to said non-mutable unique identification number; a third transfer section that transfers said at least one stored unique cryptogram and said non-mutable unique identification number from said first server to said first HSM; a decrypting section that uses said at least one stored private key to decrypt said at least one stored unique cryptogram, resulting in a random number specific to said at least one PSD; and a first diversification section that uses said random number to diversify said master key replacement key data block, generating a master key replacement key specific to said at least one PSD.
Dependent claims: 13 through 20.
21. A method for initially generating and installing a master key replacement key and a master key for at least one personal security device (PSD), said method comprising: receiving a unique PSD identification number by a first data processing device, generating a master key data block, a master key replacement key data block and asymmetric key pair by a second data processing device, transferring said master key data block, said master key replacement key data block and a public key of said asymmetric key pair from said second data processing device to said first data processing device, generating a random number by said first data processing device, diversifying said master key replacement data block using said random number and generating a replacement key by said first data processing device, encrypting said random number with said public key, forming a cryptogram by said first data processing device, associating said cryptogram with said unique PSD identification number by said first data processing device, storing said cryptogram by said first data processing device, deleting said random number from said first data processing device, diversifying said master key data block using said unique PSD identification number and generating a master key by said first data processing device, operatively installing said master key replacement key and said master key inside said at least one PSD by said first data processing device.
Dependent claims: 22 through 26.
27. A method for post issuance master key replacement for at least one personal security device (PSD), said method comprising: receiving a unique PSD identification number by a first data processing device, generating a new master key data block, a master key replacement key data block by a second data processing device, transferring said new master key data block, said master key replacement key data block and a private key from said second data processing device to said first data processing device, cross-referencing said unique PSD identification number with a stored cryptogram associated with said at least one PSD by said first data processing device, retrieving and decrypting said cross-referenced cryptogram using said private key, forming a random number, diversifying said master key replacement data block using said random number and generating a master key replacement key by said first data processing device, diversifying said master key data block using said unique PSD identification number and generating a new master key by said first data processing device, establishing a secure channel with said at least one PSD by said first data processing device, unlocking a security executive associated with said at least one PSD, using said master key replacement key by said first data processing device, deleting an existing master key by said first data processing device, installing said new master key by said first data processing device, relocking said security executive by said first data processing device, and releasing said secure channel to said at least one PSD by said first data processing device.
Dependent claims: 28 through 32.
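The issuance steps of claim 21 and the post-issuance replacement steps of claim 27, as an added worked example in Go that is not part of the patent or any product built on it. The claims name no algorithms, so this code assumes HMAC-SHA256 for diversification, RSA-2048 with OAEP (the PSD identification number as OAEP label) for the cryptogram, and models unlocking the security executive as a constant-time comparison against the replacement key held in the PSD's first high level key slot.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// diversify derives a PSD-specific key from a key data block (assumption: HMAC-SHA256; the claims name no algorithm).
func diversify(keyBlock, diversifier []byte) []byte {
	m := hmac.New(sha256.New, keyBlock)
	m.Write(diversifier)
	return m.Sum(nil)
}

// NewHSMKeyPair stands in for the second HSM generating its asymmetric key pair (RSA-2048 assumed).
func NewHSMKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

type PSD struct{ ID, ReplacementKey, MasterKey []byte } // non-mutable ID plus the two high level key slots

// Issue follows claim 21: derive both keys, escrow the random number as an RSA-OAEP cryptogram under
// the second HSM's public key (PSD ID as OAEP label), wipe the random number and return the cryptogram.
func Issue(psd *PSD, mkBlock, mkrkBlock []byte, pub *rsa.PublicKey) ([]byte, error) {
	rnd := make([]byte, 32)
	if _, err := rand.Read(rnd); err != nil { return nil, err }
	psd.ReplacementKey = diversify(mkrkBlock, rnd) // first high level key slot
	psd.MasterKey = diversify(mkBlock, psd.ID)     // second high level key slot
	cryptogram, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, rnd, psd.ID)
	if err != nil {
		return nil, err
	}
	for i := range rnd { rnd[i] = 0 } // random number deleted; the first server stores only the cryptogram
	return cryptogram, nil
}

// ReplaceMasterKey follows claim 27: recover the random number with the private key transferred from the
// second HSM, regenerate the replacement key, unlock the security executive (modelled as a constant-time
// key comparison) and install the new master key without ever using the possibly compromised old one.
func ReplaceMasterKey(psd *PSD, cryptogram, newMkBlock, mkrkBlock []byte, priv *rsa.PrivateKey) error {
	rnd, err := rsa.DecryptOAEP(sha256.New(), nil, priv, cryptogram, psd.ID)
	if err != nil {
		return err // wrong private key, another PSD's cryptogram (label mismatch) or tampering: stays locked
	}
	if !hmac.Equal(diversify(mkrkBlock, rnd), psd.ReplacementKey) {
		return errors.New("security executive stays locked: replacement key mismatch")
	}
	psd.MasterKey = diversify(newMkBlock, psd.ID) // existing master key deleted, new master key installed
	return nil
}
```

Because the first server keeps only the cryptogram, a compromise of that server after issuance yields neither the random number nor the replacement key; both become recoverable only once the second HSM's private key is transferred in for a replacement run.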