Privacy-enhanced E-passport authentication protocol

US 8,880,888 B2
Filed: 05/10/2010
Issued: 11/04/2014
Est. Priority Date: 05/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining confidentiality of sensitive information stored in a machine readable document pertaining to a correspondent during transmission of said sensitive information to a machine for examination, comprising:

generating an encryption key e from a public key of said correspondent and encrypting said sensitive information with said encryption key e to obtain a ciphertext C,forwarding said ciphertext C to said machine,receiving from said machine an ephemeral public key obtained from an ephemeral private key b of said machine and said ciphertext C, andreturning to said machine additional information to permit recovery of said sensitive information by said machine from said ciphertext C.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A passport authentication protocol provides for encryption of sensitive data such as biometric data and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value.

33 Citations

15 Claims

1. A method of maintaining confidentiality of sensitive information stored in a machine readable document pertaining to a correspondent during transmission of said sensitive information to a machine for examination, comprising:
- generating an encryption key e from a public key of said correspondent and encrypting said sensitive information with said encryption key e to obtain a ciphertext C,forwarding said ciphertext C to said machine,receiving from said machine an ephemeral public key obtained from an ephemeral private key b of said machine and said ciphertext C, andreturning to said machine additional information to permit recovery of said sensitive information by said machine from said ciphertext C.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 further comprising:
    - prior to forwarding said ciphertext C and said additional information to said machine, authenticating said machine to said machine readable document, wherein said ciphertext C and said additional information is forwarded to said machine only upon successful authentication of said machine.
  - 3. The method according to claim 1, wherein said sensitive information is biometric information.
  - 4. The method according to claim 1, wherein said ephemeral public key is used to generate said additional information.
  - 5. The method according to claim 1, wherein said additional information permits recovery of said encryption key e.
  - 6. The method according to claim 1, wherein said encryption key e is derived from a value R obtained from a long term public key Q of said correspondent and a session private key k generated by said machine readable document.
  - 7. The method according to claim 6, wherein said additional information permits computation of said value R by said machine and thereby derivation of said encryption key e.
  - 8. The method according to claim 6, wherein said long term public key Q has a corresponding long term private key d and said additional information is obtained from combining said long term private key d and said ephemeral public key.
  - 9. The method according to claim 6, wherein said ephemeral public key incorporates a signature component s that binds a long term private key d of said correspondent and said session private key k with a hash h of said ciphertext C.

10. A method of maintaining confidentiality of sensitive information stored in a machine readable document pertaining to a correspondent during transmission of said sensitive information to a machine for examination, comprising:
- said machine initiating a request to assemble a message by said machine readable document, said message having a primary portion M₁and a secondary portion M₂, said primary portion including a ciphertext C obtained from encrypting said sensitive information with a session encryption key e and said secondary portion containing less sensitive information retrieved from said machine readable document and including a long term public key of said one correspondent,receiving said message from said machine readable document,generating a value from said ciphertext C and said secondary portion M₂,generating an ephemeral private key, and utilizing said value and said ephemeral private key to generate a public session key from said value and said ephemeral private key,forwarding said public session key to said machine readable document and obtaining from said machine readable document additional information to permit recovery of said sensitive information from said ciphertext C, andsaid machine recovering said sensitive information from said ciphertext C using said additional information.
- View Dependent Claims (11, 12)
- - 11. The method according to claim 10, wherein said additional information is a further public key that permit recovery of said session encryption key.
  - 12. The method according to claim 10, further comprising:
    - said machine comparing said recovered sensitive information with a reference input obtained directly from said correspondent to authenticate identity of the correspondent.

13. A machine readable document of a correspondent, said machine readable document having a cryptographic unit including an arithmetic processor for performing cryptographic operations and a random number generator to provide ephemeral session keys, a data communication interface for communicating with a machine for examining said machine readable document, and a memory device to store sensitive information in a secure manner, said data communication interface and said memory device being in data communication with said cryptographic unit, said cryptographic unit configured to implement a method comprising:
- generating an encryption key e from a public key of said correspondent and encrypting said sensitive information with said encryption key e to obtain a ciphertext C,forwarding said ciphertext C to said machine,receiving from said machine an ephemeral public key obtained from an ephemeral private key b of said machine and said ciphertext C, andreturning to said machine additional information to permit recovery of said sensitive information by said machine from said ciphertext C.
- View Dependent Claims (14)
- - 14. The machine readable document according to claim 13, wherein said cryptographic unit includes a secure memory device for storing private keys and certificates.

15. A machine for authenticating a correspondent based on sensitive information stored in a machine readable document pertaining to the correspondent, comprising:
- a data processing engine,a data communication interface coupled to the data processing engine, the data communication interface being configured to communicate with a machine readable document having stored therein sensitive information pertaining to the correspondent, anda scanner coupled to the data processing engine for obtaining a reference input directly from the correspondent,wherein the data processing engine is configured to implement a method comprising;
  
  initiating a request to assemble a message by said machine readable document, said message having a primary portion M₁and a secondary portion M₂, said primary portion including a ciphertext C obtained from encrypting said sensitive information with a session encryption key e and said secondary portion containing less sensitive information retrieved from said machine readable document and including a long term public key of said one correspondent,receiving said message from said machine readable document,generating a value from said ciphertext C and said secondary portion M₂,generating an ephemeral private key, and utilizing said value and said ephemeral private key to generate a public session key from said value and said ephemeral private key,forwarding said public session key to said machine readable document and obtaining from said machine readable document additional information to permit recovery of said sensitive information from said ciphertext C, andrecovering said sensitive information from said ciphertext C using said additional information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Brown, Daniel R. L., Vanstone, Scott A.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
VU, PHY ANH TRAN

Application Number

US12/776,803
Publication Number

US 20100250945A1
Time in Patent Office

1,639 Days
Field of Search

380/30
US Class Current

713/172
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3066   involving algebraic varieti...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04W 12/06   Authentication

H04W 12/47   using near field communicat...

Privacy-enhanced E-passport authentication protocol

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Privacy-enhanced E-passport authentication protocol

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others