Techniques for carrying out seed or key derivation
Abstract
A technique carries out seed (or key) derivation within an electronic apparatus (e.g., a hand holdable electronic apparatus such as a token, an authentication server, etc.). The technique involves acquiring a stored representation of a derived seed, the stored representation of the derived seed resulting from an earlier-performed cryptographic operation based on a higher-level seed. The technique further involves (i) performing a current cryptographic operation based on a stored representation of the higher-level seed, the current cryptographic operation resulting in a current representation of the derived seed, and (ii) providing a corruption detection signal indicating whether the current representation of the derived seed matches the stored representation of the derived seed.
18 Claims
1. In an electronic apparatus, a method of carrying out key derivation, comprising:
- acquiring, by the electronic apparatus, a stored representation of a derived key, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;
- performing a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key;
- providing a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key; and
- in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, (i) deriving a current representation of the higher-level key and (ii) providing a signal indicating whether the current representation of the higher-level key matches the stored representation of the higher-level key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 12, 13, 14, 15, 18
9. In an electronic apparatus, a method of carrying out key derivation, comprising:
- acquiring, by the electronic apparatus, a stored representation of a derived key, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;
- performing a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key;
- providing a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key;
- in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, deriving a new key based on the stored representation of the higher-level key; and
- in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, determining whether the stored representation of the higher-level key is corrupted and, if so, replacing the stored representation of the higher-level key with a current representation of the higher-level key prior to deriving the new key based on the higher-level key.
Dependent claims: 10, 11
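
The verify-then-derive flow of claims 1 and 9, as an added Python example that is not taken from the patent. HMAC-SHA256, the labels, the `root` key one level above the higher-level key (assumed intact), and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Labels are constructed for this example; the page names no derivation inputs.
LABELS = {"higher": b"level-1", "derived": b"level-2/current", "new": b"level-2/next"}

def derive(parent: bytes, label: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unspecified "cryptographic operation".
    return hmac.new(parent, label, hashlib.sha256).digest()

def make_store(root: bytes) -> dict:
    """Build the stored representations as they would be written at provisioning."""
    higher = derive(root, LABELS["higher"])
    return {"higher": higher, "derived": derive(higher, LABELS["derived"])}

def check_and_derive(store: dict, root: bytes) -> dict:
    """Run the claim 9 flow; `store` is updated in place if the higher-level key is replaced."""
    current_derived = derive(store["higher"], LABELS["derived"])
    # Corruption detection signal: current vs. stored derived key, compared in constant time.
    match = hmac.compare_digest(current_derived, store["derived"])
    fault, repaired = None, False
    if not match:
        # Claim 1 (i)/(ii): re-derive the higher-level key and compare with the stored copy.
        current_higher = derive(root, LABELS["higher"])
        if hmac.compare_digest(current_higher, store["higher"]):
            fault = "derived"   # higher-level key intact, so the stored derived key is bad
        else:
            fault = "higher"
            store["higher"] = current_higher   # replace before deriving the new key
            repaired = True
    new_key = derive(store["higher"], LABELS["new"])
    return {"match": match, "fault": fault, "repaired": repaired, "new_key": new_key}

def flip_bit(value: bytes, index: int = 0) -> bytes:
    """Simulate a single-bit memory fault in a stored key."""
    damaged = bytearray(value)
    damaged[index] ^= 0x01
    return bytes(damaged)

if __name__ == "__main__":
    root = bytes(range(32))  # constructed root key, for illustration only
    for corrupted in (None, "derived", "higher"):
        store = make_store(root)
        if corrupted:
            store[corrupted] = flip_bit(store[corrupted])
        result = check_and_derive(store, root)
        print(corrupted, result["match"], result["fault"], result["repaired"])
```
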
16. A hardware authenticator, comprising:
- an electronic controller;
- memory coupled to the electronic controller; and
- a hand holdable casing having a set of peripheral walls which defines an internal space, the electronic controller and the memory being disposed within the internal space;
- the electronic controller being arranged to:
  - acquire a stored representation of a derived key from the memory, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;
  - perform a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key; and
  - provide a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key;
- wherein, in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, the electronic controller is arranged to derive a new key based on the stored representation of the higher-level key; and
- wherein, in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, the electronic controller is arranged to determine whether the stored representation of the higher-level key is corrupted and, if so, replace the stored representation of the higher-level key with a current representation of the higher-level key prior to deriving the new key based on the higher-level key.
17. An authentication server to perform authentication, comprising:
- a network interface;
- memory; and
- a processing circuit coupled to the network interface and the memory, the processing circuit being arranged to:
  - acquire a stored representation of a derived key from the memory, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key,
  - perform a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key,
  - provide a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key, and
  - using the derived key, respond to an authentication request received from a hardware authenticator through the network interface, the authentication request attempting to authenticate with the authentication server;
- wherein, in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, the processing circuit is arranged to derive a new key based on the stored representation of the higher-level key; and
- wherein, in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, the processing circuit is arranged to determine whether the stored representation of the higher-level key is corrupted and, if so, replace the stored representation of the higher-level key with a current representation of the higher-level key prior to deriving the new key based on the higher-level key.
Specification