Cryptographically secure authentication device, system and method

US 8,693,683 B2
Filed: 11/17/2010
Issued: 04/08/2014
Est. Priority Date: 11/25/2009
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

a private key generator for generating a private key;

a non-volatile memory for storing at least the private key;

an index source;

a hash engine; and

a logical interconnection between the private key generator, the non-volatile memory, the index source, and the hash engine;

said hash engine receiving the private key via the logical interconnection and performing a number of hashes on the private key to generate an identifying value provided via the logical interconnection,wherein the identifying value is for use in authenticating said device,wherein the number of hashes is based on the difference between a reference number stored in the non-volatile memory and a selected index number selected from a series of decreasing index numbers indicated by the index source, and wherein a first selected index number at a first time is greater than a second selected index number at a second time later than the first time.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic device generates identifying values which are used in authenticating the electronic device. The device comprises an interface, a private key generator for generating a private key, a non-volatile memory for storing at least the private key, an index source, a hash engine, and a logical interconnection between the private key generator, the non-volatile memory, the index source, the hash engine and the interface. The hash engine generates identifying values provided to the interface via the logical interconnection. The identifying values are provided to a verifying device for use in authenticating the electronic device. Alternatively or in addition, devices may be paired to share a root key to cryptographically communicate between each other and/or to authenticate each other.

Citations

21 Claims

1. An electronic device comprising:
- a private key generator for generating a private key;
  
  a non-volatile memory for storing at least the private key;
  
  an index source;
  
  a hash engine; and
  
  a logical interconnection between the private key generator, the non-volatile memory, the index source, and the hash engine;
  
  said hash engine receiving the private key via the logical interconnection and performing a number of hashes on the private key to generate an identifying value provided via the logical interconnection,wherein the identifying value is for use in authenticating said device,wherein the number of hashes is based on the difference between a reference number stored in the non-volatile memory and a selected index number selected from a series of decreasing index numbers indicated by the index source, and wherein a first selected index number at a first time is greater than a second selected index number at a second time later than the first time.
- View Dependent Claims (2, 3, 10)
- - 2. The device of claim 1 wherein the reference number is a reference time stored in the non-volatile memory, wherein the index source is a clock source, wherein the index number is a clock number, and wherein the number of hashes is derived from the difference between the clock number and the reference time stored in the non-volatile memory.
  - 3. The device of claim 2 wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.
  - 10. The device of claim 1 further comprising an interface connected to the logical interconnection and wherein the identifying value it provided to said interface via the logical interconnection.

4. A device comprising:
- a logical interconnection;
  
  a non-volatile memory connected to the logical interconnection;
  
  a private key generator generating a private key, said private key generator connected to the logical interconnection and providing the private key via the logical interconnection to the non-volatile memory for storing the private key in the non-volatile memory;
  
  a hash engine connected to the logical interconnection, said hash engine receiving the private key via the logical interconnection and performing a number of hashes on the private key to generate an identifying value, wherein the number of hashes is based on the difference between a clock number indicated by an index source comprising a clock source and a reference time stored in the non-volatile memory; and
  
  wherein the logical interconnection provides the identifying value for use in authenticating said device.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The device of claim 4:
    - wherein the logical interconnection, the private key generator, the non-volatile memory and the hash engine comprise a unitary, integrated device;
      
      wherein the unitary, integrated device is configured such that the logical interconnection stores the private key only in the non-volatile memory and provides the private key stored in the non-volatile memory only to the hash engine; and
      
      wherein the unitary, integrated device is configured such that the private key stored in the non-volatile memory is inaccessible by other devices so that other devices cannot obtain the private key.
  - 6. The device of claim 4 wherein an identifier of the device, the clock number and the identifying value are stored in the non-volatile memory and wherein the logical interconnection provides the clock number and the identifier for use in authenticating said device.
  - 7. The device of claim 4 wherein the private key generator is a random number generator within the device, wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.
  - 8. The device of claim 7 wherein the end timestamp comprises a far future date.
  - 9. The device of claim 4 wherein an identifier is stored in the non-volatile memory and wherein the logical interconnection provides the identifier for use in authenticating said device.

11. An electronic device comprising:
- a private key generator for generating a private key;
  
  a non-volatile memory for storing at least the private key;
  
  an index source comprising a clock source;
  
  a hash engine;
  
  a logical interconnection between the private key generator, the non-volatile memory, the index source, and the hash engine; and
  
  a processor for transmitting information;
  
  said hash engine receiving the private key via the logical interconnection and performing a number of hashes on the private key to generate an identifying value provided via the logical interconnection, wherein the number of hashes is based on the difference between an clock number indicated by the index source and a reference time stored in the non-volatile memory and wherein the identifying value is for use in authenticating said device.
- View Dependent Claims (12)
- - 12. The device of claim 11 wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.

13. A system comprising:
- a verifying device; and
  
  a plurality of electronic devices, each device comprising;
  
  a logical interconnection;
  
  a non-volatile memory connected to the logical interconnection;
  
  a private key generator generating a private key, said private key generator connected to the logical interconnection and providing the private key via the logical interconnection to the non-volatile memory for storing the private key in the non-volatile memory;
  
  an index source indicating a clock number;
  
  a hash engine connected to the logical interconnection, said hash engine receiving the private key via the logical interconnection and performing a number of hashes on the private key to generate an identifying value, the number of hashes based on the clock number; and
  
  wherein the logical interconnection provides the identifying value and the clock number to the verifying device for use in authenticating said device;
  
  wherein the verifying device receives the identifying value and the clock number, said verifying device performing a number of hashes on the received identifying value based on the received clock number to determine whether the device should be authenticated.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13:
    - wherein the verifying device receives a first identifying value and a first clock number, wherein the verifying device receives a second identifying value and a second clock number, wherein the verifying device performs a number of hashes on the second received identifying value derived from the difference between the first clock number and the second clock number to determine a result, wherein the verifying device compares the result to the first identifying value, said verifying device authenticating the device when the result equals the first identifying value and said verifying device not authenticating the device when the result does not equal the first identifying value.
  - 15. The system of claim 13 wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.

16. A method for pairing devices for cryptographic communication, comprising:
- identifying a first device and a second device wherein each device comprises;
  
  a private key generator for generating a private key;
  
  a non-volatile memory for storing at least the private key;
  
  a hash engine using a root key and the private key;
  
  an index source comprising a clock source for use by the hash engine; and
  
  a logical interconnection between the private key generator, the non-volatile memory, and the hash engine;
  
  connecting the first device and the second device;
  
  generating, by the connected first and second devices, a common root key for use by each hash engine; and
  
  wherein the first device uses the common root key via its hash engine to cryptographically communicate with the second device and vice versa;
  
  wherein each hash engine performs a number of hashes on the private key to generate an identifying value based on the private key and the common root key;
  
  wherein the number of hashes is based on the difference between clock number indicated by the index source and a reference time stored in the non-volatile memory; and
  
  wherein the generated identifying value provided via the logical interconnection is for use in authenticating said device.
- View Dependent Claims (17)
- - 17. The method of claim 16 wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.

18. A cryptographic electronic device comprising:
- a private key generator for generating a private key;
  
  a non-volatile memory for storing at least the private key;
  
  a hash engine using the private key and using a common root key used by at least one other device to which this device is paired;
  
  an index source comprising a clock source for use by the hash engine; and
  
  a logical interconnection between the private key generator, the non-volatile memory and the hash engine;
  
  said hash engine performing a number of hashes on the private key to generate an identifying value based on the private key and the common root key, wherein the number of hashes is based on the difference between an clock number which is one of a series of decreasing numbers indicated by the index source and a reference time stored in the non-volatile memory;
  
  said identifying value provided via the logical interconnection for use in authenticating said device with the other device and wherein the common root key is used to cryptographically communicate with the other device.
- View Dependent Claims (19)
- - 19. The device of claim 18 wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.

20. A system for cryptographic communication, comprising:
- a plurality of devices, wherein each device comprises;
  
  a private key generator for generating a private key;
  
  a non-volatile memory for storing at least the private key;
  
  a hash engine using a common root key and the private key;
  
  an index source comprising a clock source for use by the hash engine; and
  
  a logical interconnection between the private key generator, the non-volatile memory, and the hash engine;
  
  wherein each of the devices shares the common root key which is generated by connecting the devices together; and
  
  wherein each of the hash engines of each of the devices is configured to use the common root key to cryptographically communicate with other devices of the plurality of devices;
  
  wherein each hash engine performs a number of hashes on the private key to generate an identifying value based on the private key and the common root key;
  
  wherein the number of hashes is based on the difference between an clock number indicated by the index source and a reference time stored in the non-volatile memory; and
  
  wherein the generated identifying value provided via the logical interconnection is for use in authenticating said device.
- View Dependent Claims (21)
- - 21. The system of claim 20 wherein the clock number comprises a current timestamp, wherein the reference time comprises an end timestamp and wherein the number of hashes is derived from the difference between the current timestamp and an end timestamp.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aclara Technologies LLC (Hubbell, Inc.)
Original Assignee
Aclara Technologies LLC (Hubbell, Inc.)
Inventors
Emelko, Glenn A.
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/512,095
Publication Number

US 20120275595A1
Time in Patent Office

1,238 Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/08   for authentication of entit...

H04L 9/006   involving public key infras...

H04L 9/007   involving hierarchical stru...

H04L 9/08   Key distribution or managem...

H04L 9/0861   Generation of secret inform...

H04L 9/0897   involving additional device...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3297   involving time stamps, e.g....

H04L 9/50   using hash chains, e.g. blo...

Cryptographically secure authentication device, system and method

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographically secure authentication device, system and method

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links