Dual interface device for access control and a method therefor
First Claim
Patent Images
1. An access control device having dual interfaces comprising:
- a memory having a cryptographic store with entries storing cryptographic information, the cryptographic information including access credentials and cryptographic keys;
a contact-bound interface for communication with a remote system, the contact-bound interface comprising a USB (“
universal serial bus”
) interface;
a contact-less interface for transmitting data derived from the cryptographic information to an access control system;
a cryptographic processor that controls the access control device to;
present, via the contact-bound interface, a USB mass storage device interface having a virtual file system that does not expose free read-and-write access to the memory of the access control device and presents a virtual representation of the cryptographic information in which entries in the cryptographic store are represented as files;
receive, via the contact-bound interface, new cryptographic information in an encrypted file written to the virtual file system, wherein the new cryptographic information is received as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files;
verify the new cryptographic information received in the encrypted file written to the virtual file system, wherein the verifying comprises;
decrypting the encrypted file using a master key from the cryptographic store to produce a decrypted file; and
verifying a digital signature present in the decrypted file; and
responsive to successful verification of the new cryptographic information, store the new cryptographic information from the decrypted file in one or more entries of the cryptographic store.
4 Assignments
0 Petitions
Accused Products
Abstract
The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds by contact-bound respectively contact-less interfaces and where individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access.
-
Citations
15 Claims
-
1. An access control device having dual interfaces comprising:
- a memory having a cryptographic store with entries storing cryptographic information, the cryptographic information including access credentials and cryptographic keys;
a contact-bound interface for communication with a remote system, the contact-bound interface comprising a USB (“
universal serial bus”
) interface;a contact-less interface for transmitting data derived from the cryptographic information to an access control system; a cryptographic processor that controls the access control device to; present, via the contact-bound interface, a USB mass storage device interface having a virtual file system that does not expose free read-and-write access to the memory of the access control device and presents a virtual representation of the cryptographic information in which entries in the cryptographic store are represented as files; receive, via the contact-bound interface, new cryptographic information in an encrypted file written to the virtual file system, wherein the new cryptographic information is received as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files; verify the new cryptographic information received in the encrypted file written to the virtual file system, wherein the verifying comprises; decrypting the encrypted file using a master key from the cryptographic store to produce a decrypted file; and verifying a digital signature present in the decrypted file; and responsive to successful verification of the new cryptographic information, store the new cryptographic information from the decrypted file in one or more entries of the cryptographic store. - View Dependent Claims (2, 3, 4, 5, 6)
- a memory having a cryptographic store with entries storing cryptographic information, the cryptographic information including access credentials and cryptographic keys;
-
7. A method for secure communication with an access control device, comprising:
-
storing cryptographic information in entries of a cryptographic store, the cryptographic information including access credentials and cryptographic keys; presenting, via a contact-bound interface comprising a USB (“
universal serial bus”
) interface, a USB mass storage device interface having a virtual file system that does not expose free read-and-write access to the memory of the access control device and presents a virtual representation of the cryptographic information in which entries in the cryptographic store are represented as files;receiving, via the contact-bound interface, new cryptographic information in an encrypted file written to the virtual file system, wherein the new cryptographic information is received as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files; verifying the new cryptographic information received in the encrypted file written to the virtual file system, wherein the verifying comprises; decrypting the encrypted file using a master key from the cryptographic store to produce a decrypted file; and
verifying a digital signature present in the decrypted file;responsive to successful verification of the new cryptographic information, storing the new cryptographic information from the decrypted file in one or more entries of the cryptographic store; and
transmitting, via a contact-less interface, data derived from the cryptographic information to an access control system. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A non-transitory computer-readable medium storing computer program code executable to perform steps comprising:
-
storing cryptographic information in entries of a cryptographic store, the cryptographic information including access credentials and cryptographic keys; presenting, via a contact-bound interface comprising a USB (“
universal serial bus”
) interface, a USB mass storage device interface having a virtual file system that does not expose free read-and-write access to the memory of the access control device and presents a virtual representation of the cryptographic information in which entries in the cryptographic store are represented as files;receiving, via the contact-bound interface, new cryptographic information in an encrypted file written to the virtual file system, wherein the new cryptographic information is received as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files; verifying the new cryptographic information received in the encrypted file written to the virtual file system, wherein the verifying comprises; decrypting the encrypted file using a master key from the cryptographic store to produce a decrypted file; and
verifying a digital signature present in the decrypted file;responsive to successful verification of the new cryptographic information, storing the new cryptographic information from the decrypted file in one or more entries of the cryptographic store; and
transmitting, via a contact-less interface, data derived from the cryptographic information to an access control system. - View Dependent Claims (13, 14, 15)
-
Specification