Method and apparatus for secure validation of tokens
First Claim
1. A machine for verifying that a cryptographic token has been properly configured, the cryptographic token having been produced by a manufacturer in possession of the machine, the machine comprising:
tamper-resistant non-volatile memory, the non-volatile memory storing a first secret code;
an input/output device;
a processor, the processor being configured to:
receive a test value through the input/output device;
receive a precursor value through the input/output device;
calculate an expected cryptographic seed uniquely associated with the cryptographic token by using the precursor value and the first secret code stored in tamper-resistant non-volatile memory;
calculate an expected pseudo-random number by using the expected cryptographic seed and calculation parameters;
compare the expected pseudo-random number and the test value; and
if the expected pseudo-random number equals the test value, then output a signal verifying that the cryptographic token has been properly configured, otherwise output a signal to the manufacturer in possession of the machine indicating that the cryptographic token has not been properly configured;
wherein:
the precursor value received through the input/output device is received from the cryptographic token, the precursor value having been calculated by the cryptographic token; and
the test value received through the input/output device is received from the cryptographic token, the test value having been calculated by the cryptographic token using a secret cryptographic seed stored on the cryptographic token;
calculation of the precursor value by the cryptographic token includes:
the cryptographic token receiving a serial number uniquely assigned to the cryptographic token by the manufacturer not in possession of the first secret code; and
the cryptographic token mathematically combining the serial number with the first secret code; and
calculation of the test value by the cryptographic token includes the cryptographic token mathematically combining the precursor value with the secret cryptographic seed.
Abstract
A method for validating a cryptographic token includes (a) operating the cryptographic token to generate a pseudo-random number for authentication purposes by using a cryptographic seed uniquely associated with the cryptographic token, the cryptographic seed having been cryptographically generated using a precursor value, (b) receiving a first value from the cryptographic token, the first value being the pseudo-random number generated by the cryptographic token, (c) inputting the first value and the precursor value into a trusted computing platform, and (d) operating the trusted computing platform to generate a validation signal if the first value can be derived using a specified algorithm from the precursor value, but to generate a failure signal if the first value cannot be derived using the specified algorithm from the precursor value. Accompanying methods and apparatus are also provided.
14 Claims
1. A machine for verifying that a cryptographic token has been properly configured (recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 10
7. A method of validating a cryptographic token at a trusted computing module, the cryptographic token having been produced by a manufacturer in possession of the trusted computing module, the method comprising:
receiving a test value through an input/output device;
receiving a precursor value through the input/output device;
calculating an expected cryptographic seed uniquely associated with the cryptographic token by using the precursor value and a first secret code stored in tamper-resistant non-volatile memory;
calculating an expected pseudo-random number by using the expected cryptographic seed and calculation parameters;
comparing the expected pseudo-random number and the test value; and
if the expected pseudo-random number equals the test value, then outputting a signal verifying that the cryptographic token has been properly configured, otherwise outputting a signal to the manufacturer in possession of the trusted computing module indicating that the cryptographic token has not been properly configured;
wherein receiving the precursor value through the input/output device includes receiving the precursor value from the cryptographic token, the precursor value having been calculated by the cryptographic token;
receiving the test value through the input/output device includes receiving the test value from the cryptographic token, the test value having been calculated by the cryptographic token using a secret cryptographic seed stored on the cryptographic token;
calculation of the precursor value by the cryptographic token includes:
the cryptographic token receiving a serial number uniquely assigned to the cryptographic token by the manufacturer not in possession of the first secret code; and
the cryptographic token mathematically combining the serial number with the first secret code; and
calculation of the test value by the cryptographic token includes the cryptographic token mathematically combining the precursor value with the secret cryptographic seed.
Dependent claims: 8, 9, 11
12. A method of validating, at a trusted computing module (TCM), a cryptographic token produced by a manufacturer in possession of the trusted computing module, the method comprising:
receiving, at the TCM, a precursor value from the cryptographic token, the precursor value being an intermediate value produced by the cryptographic token while internally generating a token cryptographic seed (TCS) from a secret code stored in the cryptographic token, the TCS and the secret code remaining unknown to the manufacturer;
receiving, at the TCM, a pseudo-randomly generated value under test (PRGVUT) from the cryptographic token, the PRGVUT being a number generated by the cryptographic token by applying a pseudo-random number generation algorithm to the TCS and another parameter, the other parameter being known to both the cryptographic token and the TCM;
calculating, at the TCM, a best-guess cryptographic seed (BGCS) by encrypting the precursor value using the secret code as an encryption key, the secret code being securely stored within tamper-resistant non-volatile memory of the TCM such that the secret code is not accessible to the manufacturer;
generating, at the TCM, a best-guess pseudo-randomly generated value (BGPRGV) by applying the pseudo-random number generation algorithm to the BGCS and the other parameter;
comparing, at the TCM, the BGPRGV to the PRGVUT; and
if and only if the BGPRGV is equal to the PRGVUT, then outputting a validation signal from the TCM to the manufacturer in possession of the TCM to inform the manufacturer that the cryptographic token has been properly configured.
Dependent claims: 13
14. A method of producing cryptographic tokens, the method comprising:
providing, from a central encryption authority, a manufacturer with a machine for verifying that a cryptographic token has been properly configured with a secret cryptographic seed;
assigning, by the central encryption authority, a first secret code to the manufacturer, the first secret code being securely embedded in tamper-resistant pre-fabricated chips sent to the manufacturer, the first secret code being kept a secret unknown to the manufacturer;
receiving, at the central encryption authority, for each of a plurality of cryptographic tokens produced by the manufacturer using the pre-fabricated chips, a serial number uniquely assigned to that cryptographic token and a precursor value produced by that cryptographic token;
calculating, using a computer, at the central encryption authority, the secret cryptographic seed for each of the plurality of cryptographic tokens using the first secret code assigned to the manufacturer and the serial number and precursor value received for that cryptographic token;
wherein the machine for verifying that a cryptographic token has been properly configured with a secret cryptographic seed includes:
tamper-resistant non-volatile memory, the non-volatile memory storing the first secret code;
an input/output device;
a processor, the processor being configured to:
receive a test value through the input/output device;
receive the precursor value produced by the cryptographic token through the input/output device;
calculate an expected cryptographic seed uniquely associated with the cryptographic token by using the precursor value and the first secret code stored in tamper-resistant non-volatile memory;
calculate an expected pseudo-random number by using the expected cryptographic seed and calculation parameters;
compare the expected pseudo-random number and the test value; and
if the expected pseudo-random number equals the test value, then output a signal verifying that the cryptographic token has been properly configured, otherwise output a signal to the manufacturer in possession of the machine indicating that the cryptographic token has not been properly configured;
wherein:
the precursor value received through the input/output device is received from the cryptographic token, the precursor value having been calculated by the cryptographic token; and
the test value received through the input/output device is received from the cryptographic token, the test value having been calculated by the cryptographic token using a secret cryptographic seed stored on the cryptographic token;
calculation of the precursor value by the cryptographic token includes:
the cryptographic token receiving the serial number uniquely assigned to the cryptographic token by the manufacturer not in possession of the first secret code; and
the cryptographic token mathematically combining the serial number with the first secret code; and
calculation of the test value by the cryptographic token includes the cryptographic token mathematically combining the precursor value with the secret cryptographic seed.
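The validation flow recited in claims 1, 7 and 12 above, sketched as an added example (not code from the patent). HMAC-SHA-256 is an assumed stand-in for the combining, encryption and pseudo-random generation algorithms, which the claims do not specify; the class names, serial numbers, secret code and shared parameter are constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way function (HMAC-SHA-256): an assumed stand-in for the
    claims' unspecified combining, encryption and PRNG algorithms."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)  # length-prefix each field
    return mac.digest()

class Token:
    """Token chip: the secret code and seed stay inside; two values come out."""
    def __init__(self, secret_code: bytes, serial: bytes):
        self.precursor = prf(secret_code, b"precursor", serial)  # serial combined with code
        self._seed = prf(secret_code, b"seed", self.precursor)   # never leaves the token

    def test_value(self, param: bytes) -> bytes:
        return prf(self._seed, b"prn", param)  # pseudo-random number under test

class TrustedModule:
    """Validation machine: the secret code sits in tamper-resistant memory."""
    def __init__(self, secret_code: bytes):
        self._code = secret_code

    def validate(self, precursor: bytes, test_value: bytes, param: bytes) -> bool:
        expected_seed = prf(self._code, b"seed", precursor)
        expected_prn = prf(expected_seed, b"prn", param)
        # Constant-time compare; only pass/fail is returned to the manufacturer.
        return hmac.compare_digest(expected_prn, test_value)

def demo() -> dict:
    code = bytes(range(32))              # constructed secret code
    param = (42).to_bytes(8, "big")      # constructed parameter known to both sides
    tcm = TrustedModule(code)
    good = Token(code, b"SN-000123")
    bad = Token(code, b"SN-000124")
    bad._seed = bytes(32)                # simulate a seed that was stored incorrectly
    return {
        "good": tcm.validate(good.precursor, good.test_value(param), param),
        "bad_seed": tcm.validate(bad.precursor, bad.test_value(param), param),
        "wrong_param": tcm.validate(good.precursor, good.test_value(param), b"\x00" * 8),
        "swapped": tcm.validate(bad.precursor, good.test_value(param), param),
    }

if __name__ == "__main__":
    print(demo())
```

The manufacturer in this sketch handles only the serial number, the precursor, the test value and the pass/fail result; the secret code and the seed are confined to the token and the trusted module.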
Specification